Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.’s Windows could allow attackers to execute arbitrary code on the targeted host. Successful exploitation would require the attacker to entice his or her victim into viewing a specially-crafted thumbnail leveraging the vulnerability. The vulnerability was reported to iDefense by Kobi Pariente and Yaniv Miron. iDefense has confirmed the existence of this vulnerability in Microsoft Windows XP SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS11-006.
Source: https://thehackernews.com/2011/03/microsoft-windows-picture-and-fax.html