CVE-2018-8553

Name of the Vulnerable Software and Affected Versions Microsoft Graphics Components versions prior to the fixed version Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10

Description A remote code execution issue exists due to the way Microsoft Graphics Components handle objects in memory. This allows remote attackers to execute arbitrary code on the system. The vulnerability is caused by an out-of-bounds operation in memory, which can be exploited by using a specially crafted file.

Recommendations For Windows 7, apply the patch provided by Microsoft to fix the issue. For Windows Server 2012 R2, apply the patch provided by Microsoft to fix the issue. For Windows RT 8.1, apply the patch provided by Microsoft to fix the issue. For Windows Server 2008, apply the patch provided by Microsoft to fix the issue. For Windows Server 2012, apply the patch provided by Microsoft to fix the issue. For Windows 8.1, apply the patch provided by Microsoft to fix the issue. For Windows Server 2016, apply the patch provided by Microsoft to fix the issue. For Windows Server 2008 R2, apply the patch provided by Microsoft to fix the issue. For Windows 10, apply the patch provided by Microsoft to fix the issue. As a temporary workaround, consider restricting access to the NtGdiExtTextOutW function until a patch is available.