HTTP GDI Remote Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in the Microsoft Windows GDI component.

Additional Information

The Microsoft Windows graphics device interface (GDI) provides an intermediate layer that applications use to communicate with the video interface and printer. GDI interacts with device drivers on behalf of applications.

The Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files.

Specifically, the vulnerability resides in an unchecked memory buffer in the Graphics Rendering Engine of the affected operating system. Few technical details are currently available. This BID will be updated when more information emerges.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

Response

Ensure that all patches and security updates provided by Microsoft have been applied.