Allow Code Execution. This vulnerability affects almost all version of Microsoft Windows.

A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system.

Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Files that are affected by KB896424 patch are:

1. Gdi32.dll 5.1.2600.1755
2. Mf3216.dll 5.1.2600.1331
3. User32.dll 5.1.2600.1634
4. Win32k.sys 5.1.2600.1755
5. Gdi32.dll 5.1.2600.2770
6. Win32k.sys 5.1.2600.2770
7. Gdi32.dll 5.1.2600.2770
8. Win32k.sys 5.1.2600.2770
9. Arpidfix.exe 5.1.2600.2770

Some precaution on the KB896424 updates to these files. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE, SP1QFE, or SP2QFE files to your system.

Otherwise, the installer copies the RTMGDR, SP1GDR, or SP2GDR files to your system. Security updates may not contain all variations of these files.

To verify that KB896424 security update has been applied to an affected system, you can use the Microsoft Baseline Security Analyzer (MBSA) tool. MBSA allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations.

An article on KB896424 - Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution.