HTTP Microsoft GDI Kernel Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a remote code execution vulnerability in the way GDI32 handles memory allocation.

Additional Information

A bug exists in the kernel component of GDI32 which deals with rendering polylines. This bug allows lines with points outside of the bounds of a display device to incorrectly pass the clipping check, causing data to be written past the end of a buffer when the line is rendered.

There are two possible attack vectors:

1. Malicious EMF files. This can be exploited through Internet Explorer.
2. Local code can call the vulnerable function to achieve an elevation of privilege.
