Microsoft Windows GDI+ is prone to a remote code-execution vulnerability.
Successful exploits can allow attackers to execute arbitrary code with kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition.
Information
Microsoft Windows Vista Service Pack 2 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows RT 8.1
Microsoft Windows RT 0
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 8 for x64-based Systems 0
Microsoft Windows 8 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Silverlight 5.0
Microsoft Silverlight 5 Developer Runtime
Microsoft Office 2010 Service Pack 2 (64-bit editions) 0
Microsoft Office 2010 Service Pack 2 (32-bit editions) 0
Microsoft Office 2007 SP3
Microsoft Lync Basic 2013 (64-bit) SP1
Microsoft Lync Basic 2013 (32-bit) SP1
Microsoft Lync 2013 (64-bit) SP1
Microsoft Lync 2013 (32-bit) SP1
Microsoft Lync 2010 Attendee 0
Microsoft Lync 2010 (64-bit) 0
Microsoft Lync 2010 (32-bit) 0
Microsoft Live Meeting 2007 Console 0
Avaya Messaging Application Server 5.2.1
Avaya Messaging Application Server 5.0.1
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5.0
Avaya Meeting Exchange - Webportal 6.2
Avaya Meeting Exchange - Webportal 6.0
Avaya Meeting Exchange - Webportal 5.2.1
Avaya Meeting Exchange - Webportal 5.2
Avaya Meeting Exchange - Webportal 5.0.1
Avaya Meeting Exchange - Webportal 5.0
Avaya Meeting Exchange - Web Conferencing Server 6.2
Avaya Meeting Exchange - Web Conferencing Server 6.0
Avaya Meeting Exchange - Web Conferencing Server 5.2.1
Avaya Meeting Exchange - Web Conferencing Server 5.2
Avaya Meeting Exchange - Web Conferencing Server 5.0.1
Avaya Meeting Exchange - Web Conferencing Server 5.0
Avaya Meeting Exchange - Streaming Server 6.2
Avaya Meeting Exchange - Streaming Server 6.0
Avaya Meeting Exchange - Streaming Server 5.2.1
Avaya Meeting Exchange - Streaming Server 5.2
Avaya Meeting Exchange - Streaming Server 5.0.1
Avaya Meeting Exchange - Streaming Server 5.0
Avaya Meeting Exchange - Recording Server 6.2
Avaya Meeting Exchange - Recording Server 6.0
Avaya Meeting Exchange - Recording Server 5.2.1
Avaya Meeting Exchange - Recording Server 5.2
Avaya Meeting Exchange - Recording Server 5.0.1
Avaya Meeting Exchange - Recording Server 5.0
Avaya Meeting Exchange - Client Registration Server 6.2
Avaya Meeting Exchange - Client Registration Server 6.0
Avaya Meeting Exchange - Client Registration Server 5.2.1
Avaya Meeting Exchange - Client Registration Server 5.2
Avaya Meeting Exchange - Client Registration Server 5.0.1
Avaya Meeting Exchange - Client Registration Server 5.0
Avaya CallPilot 5.1
Avaya CallPilot 5.0.1
Avaya CallPilot 4.0.1
Avaya CallPilot 5.0
Avaya CallPilot 4.0
Exploit
This vulnerability is being exploited as part of the Angler exploit kit.
References: