This security issue was discovered by security researcher Mohamed Ghannam from VERTEX. It affects all versions of Windows, including the latest Windows 10 Fall Creators update. The vulnerability lies in the way that Windows handles loading C++ files with the Win32 API. An attacker could create a specially-crafted image file in such a way that it could exploit this vulnerability. An attacker could then trick a user on a targeted computer into opening this malicious file. If the user then attempts to load any C++ file that was created by using the Win32 API, then this vulnerability could allow an attacker to execute arbitrary code on the user’s computer. To exploit this vulnerability, an attacker would need to convince a user to open a specially-crafted image file. An attacker could then trick a user on a targeted computer into opening this malicious file.
Vulnerability overview
A vulnerability has been discovered in Windows that allows attackers to execute arbitrary code on a targeted computer. The vulnerability lies in the way that Windows handles loading C++ files with the Win32 API. An attacker could create a specially-crafted image file in such a way that it could exploit this vulnerability. An attacker could then trick a user on a targeted computer into opening this malicious file. If the user then attempts to load any C++ file that was created by using the Win32 API, then this vulnerability could allow an attacker to execute arbitrary code on the user’s computer.
Microsoft Windows Product Codes
Timeline
Published on: 02/09/2022 17:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC