QwikSec

Security Database

CVE

CWE

Training

CVE-2009-1217

Published: Apr 1, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html

x_refsource_MISC

win-gdi-emfplusfont-dos(49438)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.