Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability

Microsoft Windows WMF graphics rendering engine is affected by a remote code-execution vulnerability. This issue affects the 'SetAbortProc' function.

The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.

The issue may be exploited remotely or locally. Any remote code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.

Local code execution may facilitate a complete compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus