This indicates an attack attempt to exploit a Memory Corruption vulnerability in Microsoft Windows.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted EMF file. A remote attacker may be able to execute arbitrary code within the context of the logged in user via a crafted EMF file.
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Server Core installation option
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.