E19-0rhe1
CVSS:
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
False Positive:
f
Variants:
1
Year:
2019
Description
This strike exploits an information disclosure vulnerability in Microsoft Windows GDI component. The flaw is located in bHandleCreateDIBPatternBrush function and exists due to lack of checks when parsing an EMF files BITMAPINFOHEADER fields. In order to exploit this vulnerability an attacker must entice the victim to open a malicious emf file.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}
