
Microsoft WIM Remote Code Execution Vulnerability


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

A vulnerability has been discovered in 'wimgapi.dll', the Microsoft library file used with Windows Imaging Format (WIM) files, that could allow remote code execution.

Threat details

Exploitation requires the attacker to log on to the target system and then run an application using a specially crafted WIM image, which causes objects to be improperly handled in memory. The vulnerability is in the 'LoadIntegrityInfo' function, occurs when a WIM file header is parsed, and can be triggered by operations performed on the malformed file.

This can allow execution of code with the same access rights as the logged-in user, leading to a potential system crash and a denial-of-service attack.

At the time of publication there are no known exploits of this vulnerability.
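Because the flaw is reached while the WIM header and its integrity information are parsed, untrusted WIM files can be triaged before any imaging tool opens them. The script below is an added example, not code from Microsoft or from this alert: it applies generic consistency checks to the integrity-table fields and does not describe the specific defect. The field offsets follow the published WIM file layout, and `check_integrity_info` and `build_sample` are hypothetical names.

```python
import struct

WIM_MAGIC = b"MSWIM\x00\x00\x00"
HEADER_SIZE = 208      # size of the on-disk WIM header
INTEGRITY_DESC = 124   # offset of the 24-byte integrity resource descriptor
SHA1_LEN = 20          # one SHA-1 digest per chunk in the table

def check_integrity_info(data):
    """Return a list of inconsistencies; an empty list means none were found."""
    if len(data) < HEADER_SIZE or data[:8] != WIM_MAGIC:
        return ["not a WIM file or truncated header"]
    problems = []
    if struct.unpack_from("<I", data, 8)[0] != HEADER_SIZE:
        problems.append("unexpected header size field")
    # Descriptor: 56-bit stored size + 8-bit flags, file offset, original size.
    size_flags, offset, orig_size = struct.unpack_from("<QQQ", data, INTEGRITY_DESC)
    stored = size_flags & 0x00FFFFFFFFFFFFFF
    if stored == 0 and offset == 0:
        return problems                      # no integrity table recorded
    if offset < HEADER_SIZE or offset + stored > len(data):
        return problems + ["integrity table lies outside the file"]
    if stored < 12:
        return problems + ["integrity table shorter than its fixed fields"]
    # Table: total size, number of digests, chunk size, then the digests.
    table_size, entries, chunk_size = struct.unpack_from("<III", data, offset)
    if table_size != stored or orig_size != stored:
        problems.append("table size disagrees with the header descriptor")
    if 12 + entries * SHA1_LEN != table_size:
        problems.append("entry count does not match table size")
    if chunk_size == 0:
        problems.append("chunk size is zero")
    return problems

def build_sample(entries_claimed, entries_present=2):
    """Constructed input (not a real image): bare header plus integrity table."""
    size = 12 + entries_present * SHA1_LEN
    table = struct.pack("<III", size, entries_claimed, 10 * 1024 * 1024)
    table += bytes(entries_present * SHA1_LEN)
    header = bytearray(HEADER_SIZE)
    header[:8] = WIM_MAGIC
    struct.pack_into("<I", header, 8, HEADER_SIZE)
    struct.pack_into("<QQQ", header, INTEGRITY_DESC, size, HEADER_SIZE, size)
    return bytes(header) + table

if __name__ == "__main__":
    for claimed in (2, 500):
        print(claimed, check_integrity_info(build_sample(claimed)))
```

A file that fails these checks should be quarantined rather than opened; passing them does not show a file is safe on an unpatched system.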

For further information:


Remediation steps

This vulnerability has been addressed in Microsoft's June 2018 Security Update.

Last edited: 17 February 2020 12:49 pm