Severity Rating: HIGH
Software Affected
· Microsoft Windows Graphics Device Interface (GDI)
Overview
A remote code execution vulnerability has been reported in Microsoft
Windows Graphics Device Interface (GDI) which could allow a remote attacker
to execute arbitrary code and take control of affected system.
Description
A remote code execution vulnerability exists in Microsoft Windows Graphics
Device Interface (GDI) due to improper handling of objects in the memory.
A remote attacker can exploit the vulnerability in multiple different ways.
First, by hosting a specially crafted website that is designed to exploit
the vulnerability and convince users to visit the website. Second, an
attacker could provide a specially crafted document file and convince users
to open the document file.
Successful exploitation of this vulnerability could allow the remote
attacker to take control of affected system, install programs; view,
change, or delete data; or create new accounts with full user rights.
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin.
Vendor Information
Microsoft
- -1248
References
Microsoft
- -1248
CVE Name
CVE-2020-1248
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.