EUVD-2017-2903

Malware in sbrugna...

CVE-2022-43616

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

CVE-2017-3122

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF data related to Bezier curves. Successful...

Microsoft GDI+ - gdiplus!GetRECTSForPlayback Out-of-Bounds Read (MS17-013)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1042 We have encountered a crash in the Windows GDI+ library, in the gdiplus!GetRECTSForPlayback function, while trying to display a malformed EMF+ image file: --- 6be8.6f1c: Acces...

Microsoft GDI+ - gdiplus!GetRECTSForPlayback Out-of-Bounds Read (MS17-013)

Microsoft GDI+ - gdiplus!GetRECTSForPlayback Out-of-Bounds Read MS17-013 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1042 We have encountered a crash in the Windows GDI+ library, in the gdiplus!GetRECTSForPlayback function, while trying to display a malformed EMF+ image file...

KLA10549 Code execution vulnerability in Microsoft GC

An unspecified vulnerability was found in Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed EMF image. Original advisories MS15-035 CVE-2015-1645 Related products...

Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12834/info Reportedly, a denial of service vulnerability affects Microsoft Windows GDI library 'gdi32.dll'. This issue is due to a failure of the application to securely copy data from malformed EMF image files. An attack...

CVE-2012-0167

Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."...

Design/Logic Flaw

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."...

CVE-2012-0167

Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."...

Microsoft GDI+ CVE-2012-0165 EMF Image Processing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability that occurs when an application using the library tries to process a specially crafted Enhanced Metafile EMF image. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently...

CVE-2011-0041

CVE-2011-0041 affects gdiplus.dll (GDI+) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2 and Office XP SP3. Root cause: integer overflow in gdiplus!GpPath::CreateDashedPath when processing EMF/EMF+ images, enabling remote code execution. Verified references indicat...

VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability

VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Windows had...

Microsoft GDI+ EMF Image Processing Integer Overflow (MS11-029; CVE-2011-0041)

GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers. An integer overflow vulnerability has been discovered in the way that GDI+ handles integer calculations. The vulnerability is caused by a memory corruption...

Microsoft GDI+ EMF Image Processing Integer Overflow Memory Corruption Vulnerability

Description Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted Enhanced Metafile EMF image file. An attacker can exploit this issue to execute arbitrary code with the privileges of the...

Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

This host is missing a critical security update according to Microsoft Bulletin MS07-017. OpenVAS Vulnerability Test $Id: gbms07-017.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerabilities in GDI Could Allow Remote Code Execution 925902 Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networ...

Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

This host is missing a critical security update according to Microsoft Bulletin MS07-017. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Update Protection against Microsoft Windows GDIplus GpFont.SetData Integer Overflow

A vulnerability has been reported in Microsoft Windows Graphics Device Interface GDI. GDI is a Microsoft standard for representing graphical objects and outputting these representations to devices such as monitors and printers. The vulnerability occurs when an application that uses the affected...