This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages.
Revision Note: V1.1 (April 29, 2015): Bulletin revised to correct update replacement entries for all affected software. This is an informational change only.