Google Discloses Unpatched Microsoft Vulnerability

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day...

Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Read

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple records which deal with DIBs Device Independent Bitmaps. Examples of such...

Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple records which deal with DIBs Device Independent Bitmaps. Examples of such records are EMRALPHABLEND, EMRBITBLT, EMRMASKBLT,...

Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, which are only processed if the Device Context is associated with a printer. In the code responsible for handling the...