CVE-2021-28350: 
vulnerability analysis and mitigation

CVE-2021-28350 is a Windows GDI+ Remote Code Execution Vulnerability that was disclosed in April 2021. This vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10, Windows Server 2016, and Windows Server 2019 (MITRE CVE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access is required, low attack complexity, low privileges required, and no user interaction needed. This vulnerability is unique from similar vulnerabilities CVE-2021-28348 and CVE-2021-28349 (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system, potentially gaining the same level of privileges as the compromised application. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate security patches through Windows Update or download and install them manually from the Microsoft Update Catalog (Microsoft Security).