• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied metafile data.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users viewing malicious files. This facilitates the remote compromise of affected computers.