Symantec is warning Windows users to install a critical patch or risk losing control of their computers.
"It's our belief that the vulnerability is being successfully targeted," he said on Wednesday. "We're seeing continued exploitation of it" in the wild.
As a result of the activity, Symantec raised the threat level for the vulnerability from level 1, the lowest, to level 2, a medium-level threat. The highest is level 4.
In the attempted exploits, a malicious image hosted by at least three different Web sites targets the GDI stack overflow vulnerability, according to Symantec.