Kernel-Level Vulnerability In Windows

A kernel-level vulnerability has been identified by researchers and is present in all Windows versions, including Windows 7. The flaw allows attackers to gain escalated privileges and possibly remotely execute malicious code.

The buffer overflow can be used to crash vulnerable machines as well as elevate privileges. IT research company Vupen has said that it may also be possible for attackers to execute arbitrary code with kernel privileges.

Secunia have also posted a warning:

“The vulnerability is caused due to a boundary error in win32k.sys within the "CreateDIBPalette()" function when copying colour values into a buffer allocated with a fixed size when creating the DIB palette. This can be exploited via the "GetClipboardData()" API to cause a buffer overflow by specifying a large number of colours (greater than 256) via the "biClrUsed" field in a BITMAPINFOHEADER structure.
Successful exploitation may allow execution of arbitrary code with kernel privileges.”
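
The bounds check that the Secunia description says is missing, written as a standalone validator for a palettised DIB. This is an added example, not Microsoft's code and not from the original article; `copy_dib_palette`, `dib_header_t` and `rgbquad_t` are hypothetical names, and the struct is a portable stand-in for the Win32 BITMAPINFOHEADER layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PALETTE_COLOURS 256   /* fixed-size destination, as in the advisory */

/* Portable stand-in for BITMAPINFOHEADER (40 bytes, little-endian on disk). */
typedef struct {
    uint32_t biSize; int32_t biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} dib_header_t;

typedef struct { uint8_t b, g, r, reserved; } rgbquad_t;

/* Copies the colour table into a fixed 256-entry buffer.
 * Returns the number of colours copied, or -1 if the DIB is rejected. */
int copy_dib_palette(const uint8_t *dib, size_t dib_len,
                     rgbquad_t out[MAX_PALETTE_COLOURS])
{
    dib_header_t h;
    if (dib == NULL || dib_len < sizeof h) return -1;
    memcpy(&h, dib, sizeof h);            /* assumes a little-endian host */
    if (h.biSize < sizeof h || h.biSize > dib_len) return -1;
    /* Only 1, 4 and 8 bits per pixel carry a palette indexed by the pixels. */
    if (h.biBitCount != 1 && h.biBitCount != 4 && h.biBitCount != 8) return -1;
    uint32_t max = 1u << h.biBitCount;
    uint32_t n = h.biClrUsed ? h.biClrUsed : max;   /* 0 means "full palette" */
    /* The check the advisory describes as absent: never trust biClrUsed. */
    if (n > max || n > MAX_PALETTE_COLOURS) return -1;
    /* The source must actually contain n entries after the header. */
    if ((dib_len - h.biSize) / sizeof(rgbquad_t) < n) return -1;
    memcpy(out, dib + h.biSize, n * sizeof(rgbquad_t));
    return (int)n;
}

int main(void)
{
    /* Constructed sample: an 8-bpp header claiming 300 colours. */
    uint8_t dib[sizeof(dib_header_t) + 300 * sizeof(rgbquad_t)] = {0};
    dib_header_t h = {0};
    rgbquad_t palette[MAX_PALETTE_COLOURS];
    h.biSize = sizeof h; h.biBitCount = 8; h.biClrUsed = 300;
    memcpy(dib, &h, sizeof h);
    printf("biClrUsed=300 -> %d\n", copy_dib_palette(dib, sizeof dib, palette));
    return 0;
}
```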

The flaw affects fully patched installations of every supported Windows platform from XP SP3 to Server 2008, and is likely to affect earlier versions too. There have not been any reports that the vulnerability is being exploited in the wild, but now the cat is out of the bag. Microsoft has said it is investigating the issue.
