Vía SecuriTeam Blog me entero de la existencia del documento de Websense Security Labs: Technical Analysis of MS06-001. Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
www.websensesecuritylabs.com/images/alerts/ms06-001.pdf. "This paper will disassemble GDI32.dll and provide a detailed analysis of the code flow leading to the vulnerability. Readers are expected to be familiar with x86 assembly instructions to follow this document". Profundizando sobre el agujero en el WMF de windows.