The flaw was found in the Canonical Display Driver (cdd.dll), which is used by desktop composition to blend the Windows Graphics Device Interface (GDI) and DirectX drawing. Code execution, while possible in theory, would be very difficult due to memory randomization both in kernel memory and via Address Space Layout Randomization (ASLR). The vulnerability, which only affects Windows 7 and Windows Server 2008 R2, was publicly discussed ahead of Microsoft's advisory, but the company said there are no reports of attacks attempting to exploit the flaw. A serious security vulnerability in Microsoft's newest operating system could expose users to code execution and denial-of-service attacks, the company warned in an advisory issued late Tuesday.