Written by firstname.lastname@example.org
Thursday, 26 March 2009 22:53
Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
Boundary Condition Error
Mar 24 2009 12:00AM
Mar 26 2009 08:56PM
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 0

Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application
that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue causes applications using the affected library to crash. Due to
the nature of this issue, attackers may be able to execute arbitrary code in the context of the
currently logged-in user; this has not been confirmed.

NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and
has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019
('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided
in this BID.

UPDATE (March 26, 2009): Further analysis indicates that successful exploits are unlikely to result
in remote code execution; the impact for this issue has been adjusted accordingly.

The following EMF file is available. Note that Symantec has not tested or verified this exploit.
Always use caution when handling exploits.

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if
you are aware of more recent information, please mail us at:

--Microsoft GdiPlus EMF GpFont.SetData Integer Overflow