This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote code execution vulnerability in the way GDI32 handles memory allocation.
A bug exists in the kernel component of GDI32 which deals with rendering polylines. This bug allows lines with points outside of the bounds of a display device to incorrectly pass the clipping check, causing data to be written past the end of a buffer when the line is rendered.
There are two possible attack vectors:
1-Malicious EMF files
This can be exploited through Internet Explorer
2-Local code can call the vulnerable function to achieve an elevation of privilege