Strike ID: E19-0rhe1
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
False Positive: f
Variants: 1
Year: 2019

Description

This strike exploits an information disclosure vulnerability in the Microsoft Windows GDI component. The flaw is located in the bHandleCreateDIBPatternBrush function and exists due to a lack of checks when parsing an EMF file's BITMAPINFOHEADER fields. To exploit this vulnerability, an attacker must entice the victim to open a malicious EMF file.

CVE
