Lin Wang

**Name of the Vulnerable Software and Affected Versions** Microsoft Graphics Components versions prior to the fixed version Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 **Description** A remote code execution issue exists due to the way Microsoft Graphics Components handle objects in memory. This allows remote attackers to execute arbitrary code on the system. The vulnerability is caused by an out-of-bounds operation in memory, which can be exploited by using a specially crafted file. **Recommendations** For Windows 7, apply the patch provided by Microsoft to fix the issue. For Windows Server 2012 R2, apply the patch provided by Microsoft to fix the issue. For Windows RT 8.1, apply the patch provided by Microsoft to fix the issue. For Windows Server 2008, apply the patch provided by Microsoft to fix the issue. For Windows Server 2012, apply the patch provided by Microsoft to fix the issue. For Windows 8.1, apply the patch provided by Microsoft to fix the issue. For Windows Server 2016, apply the patch provided by Microsoft to fix the issue. For Windows Server 2008 R2, apply the patch provided by Microsoft to fix the issue. For Windows 10, apply the patch provided by Microsoft to fix the issue. As a temporary workaround, consider restricting access to the `NtGdiExtTextOutW` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Graphics Components versions prior to the fixed version Windows 7 Windows Server 2019 Windows Server 2008 R2 Windows Server 2008 Microsoft Office Microsoft Office Word Viewer Office 365 ProPlus Microsoft Excel Viewer Microsoft PowerPoint Viewer **Description** A remote code execution issue exists in the way Microsoft Graphics Components handle objects in memory. This allows an attacker to execute arbitrary code on a target system by opening a specially crafted file. The vulnerability is caused by a buffer overflow in memory. **Recommendations** For Windows 7, apply the patch from the latest patchday to resolve the issue. For Windows Server 2019, Windows Server 2008 R2, and Windows Server 2008, apply the patch from the latest patchday to resolve the issue. For Microsoft Office, update to a version that includes the fix for this issue. For Microsoft Office Word Viewer, Microsoft Excel Viewer, and Microsoft PowerPoint Viewer, avoid opening specially crafted files until a patch is available. For Office 365 ProPlus, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to specially crafted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a buffer overflow operation in the Windows GDI component, which can be exploited to disclose protected information. This can be achieved through a specially crafted document or a specially formed web page. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.