Soon after Microsoft released an early patch for the Windows Metafile (WMF) image processing flaw, a security company warned about multiple memory corruption vulnerabilities in the patched version.
According to Symantec, an attacker could use these problems to carry out denial-of-service (DoS) attacks, or even execute arbitrary code, which usually means complete control of a users' computer.
These bugs might be introduced with the patch issued by Microsoft on Thursday, but apparently, they exploit different functions in the WMF rendering engine.
"Reports indicate that these issues lead to a denial-of-service condition, however, it is conjectured that arbitrary code execution is possible as well," Symantec said.
Everyone that opens an email which contains an attached malicious image, or visits a website that has such images can be attacked through this vulnerability, just as they could before the patch.
According to Symantec, viewing a malicious file in Windows Explorer might automatically trigger the issues. Any gif, jpg, png or tif file can carry malicious code to perform denial of service or run arbitrary code.
Symantec advised Internet users to disable the Windows Picture and Fax Viewer application, just as it did for the original vulnerability.
» Microsoft Releases Internet Exploer Patches
» Symantec Releases Signature for Microsoft XML Flaw
» F-Secure Warns About Rookit in Symantec Software
» Symantec Antivirus Free Of eEye-Reported Security Threat
» Serious IE Flaw Found
» Internet Explorer Flaw Leads to Data Theft
» Symantec Antivirus Endangers Users' PC, eEye Report Shows
» Microsoft Statement Concerning Windows Meta File Vulnerability