Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Windows GDI (Graphics Device Interface) enables applications to use graphics and formatted text on both video displays and printers. GDI can be used to handle bitmaps, metafiles, and fonts. Microsoft Windows GDI contains an integer overflow vulnerability in the AttemptWrite() function. This integer overflow leads to a heap overflow.
By convincing a user to view a specially crafted metafile, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
This vulnerability is addressed by Microsoft Security Bulletin MS07-046. This bulletin provides an updated version of GDI.
Thanks to Microsoft for reporting this vulnerability, who in turn credit eEye Digital Security.
|Date First Published:||2007-08-14|
|Date Last Updated:||2007-08-14 20:58 UTC|