The vulnerability has been used by an APT group that Kaspersky Lab calls FruityArmor. Victims have been identified in Thailand, Iran, Algeria, Yemen, Saudi Arabia and Sweden.
Vulnerable component: Windows
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in the Graphics Device Interface (GDI) component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Latest references in media:
- Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw [2019-03-13 15:20:35]
- Microsoft Patches Zero-Day Under Active Attack by APT [2018-10-10 11:40:08]
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT | ZDNet [2018-10-09 22:00:18]
- Patch Tuesday of December 2016: Microsoft Releases 12 Bulletins, Six Critical [2016-12-14 10:30:13]
- Fruity hacking group juiced by Microsoft's October patch parade [2016-10-21 07:40:01]
- FruityArmor APT exploited Windows Zero-Day flaws in attacks in the wild [2016-10-20 19:33:27]
- FruityArmor APT Group Used Recently Patched Windows Zero Day [2016-10-20 13:32:59]
- FruityArmor APT Group Used Windows Zero Day to Escape Sandboxes [2016-10-20 13:03:54]
- Windows Zero-Day Exploited by "FruityArmor" APT Group [2016-10-20 11:43:17]
- Patch Tuesday fixes four Microsoft zero-day flaws exploited in the wild [2016-10-12 11:41:55]
- Microsoft Patches 4 Vulnerabilities Exploited in the Wild [2016-10-12 11:01:50]
- October Patch Tuesday: Changes, urgent updates and what’s coming next [2016-10-12 08:32:23]
- Microsoft Patches Five Zero Days Under Attack [2016-10-11 21:21:33]
- Microsoft released 10 patches, 6 rated critical, 5 fixed zero-day flaws [2016-10-11 21:07:25]