CVE-2020-1248
published 2020-06-09CVE-2020-1248: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code…
PriorityP356high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
13.73%
96.0th percentile
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | windows_10_version_2004_for_32-bit_systems | — | — |
| microsoft | windows_10_version_2004_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_2004_for_x64-based_systems | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_32-bit_systems | — | — |
| msrc | windows_10_version_1909_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_2004_for_32-bit_systems | — | — |
| msrc | windows_10_version_2004_for_arm64-based_systems | — | — |
| msrc | windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | windows_server_version_1903 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
52213 - 52217, 54191 - 54194, 54219, 54220, 54230 - 54240, 54245 - 54250, 54270 and 54271
- →CVE-2020-1248 can be triggered via a specially crafted web page; monitor for suspicious browser-initiated GDI+ object handling or anomalous rendering processes spawned from browser processes. ↗
- →CVE-2020-1248 can also be triggered via a malicious document file delivered by email or file-sharing; monitor for document-opening processes (e.g., Office apps, PDF readers) spawning unexpected child processes or making unusual GDI+ calls. ↗
- →Prioritize detection on workstation-type devices used for email or internet browsing, including multi-user remote desktop servers, as these are the primary attack surface for CVE-2020-1248. ↗
- ·As of the disclosure date, CVE-2020-1248 had not been exploited in the wild and was rated 'Exploitation Less Likely' for both latest and older software releases. ↗
- ·The Talos Snort rule set covers multiple June 2020 Patch Tuesday CVEs collectively, not exclusively CVE-2020-1248; rule-to-CVE mapping should be verified against the specific Snort advisory before deploying. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
GDI+ Remote Code Execution Vulnerability
vendor_msrc·2020-06-09·CVSS 8.4
CVE-2020-1248 [HIGH] GDI+ Remote Code Execution Vulnerability
GDI+ Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the w
GHSA
GHSA-c792-54f9-cgq9: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo
ghsa_unreviewed·2022-05-24
CVE-2020-1248 [HIGH] CWE-119 GHSA-c792-54f9-cgq9: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities
blogs_talos·2020-06-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw.
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products.
While none of the vulnerabilities disclosed have been exploited in the wild, users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation.
The security updates cover several different products including the VBScript engine, SharePoint file-sharing service and GDI+. Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here .
One of the most urgent patches concerns CVE-2020-1248, a remote
Talos
Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities
blogs_talos·2020-06-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday for June 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw.
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products.
While none of the vulnerabilities disclosed have been exploited in the wild, users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation.
The security updates cover several different products including the VBScript engine, SharePoint file-sharing service and GDI+.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.
One of the most urgent patches concerns CVE-2020-1248, a remote code execution vulnerability in the Windows Graphics Device Interface (GDI). An attack
Qualys
June 2020 Patch Tuesday – 128 Vulns, 11 Critical, Sharepoint, Workstation, Adobe Patches | Qualys
blogs_qualys·2020-06-09·CVSS 8.8
CVE-2020-1299 [HIGH] June 2020 Patch Tuesday – 128 Vulns, 11 Critical, Sharepoint, Workstation, Adobe Patches | Qualys
This month’s Microsoft Patch Tuesday addresses 128 vulnerabilities with 11 of them labeled as Critical. The 11 Critical vulnerabilities cover SharePoint server, Browsers, Scripting Engines, Windows, GDI+, OLE and LNK files. Adobe issued patches today for Experience Manager, Flash Player and Framemaker.
### Workstation Patches
The Browser, Scripting Engine, LNK files (CVE-2020-1299), GDI+(CVE-2020-1248) and OLE (CVE-2020-1281) should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
### SharePoint
A remote code execution vulnerability (CVE-2020-1181) is patched in Sharepoint Server that would allow an authenticated user on a guest sys
Tenable
Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
blogs_tenable·2020-06-09·CVSS 7.5
[HIGH] Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
June 2020 Patch Tuesday – 128 Vulns, 11 Critical, Sharepoint, Workstation, Adobe Patches
blogs_qualys·2020-06-09·CVSS 8.8
CVE-2020-1299 [HIGH] June 2020 Patch Tuesday – 128 Vulns, 11 Critical, Sharepoint, Workstation, Adobe Patches
This month’s Microsoft Patch Tuesday addresses 128 vulnerabilities with 11 of them labeled as Critical. The 11 Critical vulnerabilities cover SharePoint server, Browsers, Scripting Engines, Windows, GDI+, OLE and LNK files. Adobe issued patches today for Experience Manager, Flash Player and Framemaker.
## Workstation Patches
The Browser, Scripting Engine, LNK files ( CVE-2020-1299 ), GDI+( CVE-2020-1248 ) and OLE ( CVE-2020-1281 ) should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## SharePoint
A remote code execution vulnerability ( CVE-2020-1181 ) is patched in Sharepoint Server that would allow an authenticated user on a gue
2020-06-09
Published