header-logo
Suggest Exploit
vendor:
GdiPlus.dll
by:
redsand@blacksecurity.org
9.3
CVSS
HIGH
Stack Overflow
119
CWE
Product Name: GdiPlus.dll
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Microsoft GdiPlus.dll EMF GpFont::SetData Stack Overflow

A stack overflow vulnerability exists in Microsoft GdiPlus.dll when processing EMF files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted EMF file, resulting in the execution of arbitrary code.

Mitigation:

Microsoft has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

Microsoft GdiPlus.dll EMF GpFont::SetData Stack Overflow

Write up by redsand@blacksecurity.org : http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html
Credits to mIKEJONES for providing the .EMF Crash

down: http://www.blacksecurity.org/voltage-exploit.emf
back: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/8281.emf (2009-voltage-exploit.emf)

# milw0rm.com [2009-03-24]

Navigation

Suggest Exploit

Services By CQR