Binary vulnerability in gdiplus.dll

gdiplus.dll is a GDI Graphics Device Interface GUI related module. A binary vulnerability exists in gdiplus.dll, which can be exploited by attackers to cause a denial of service...

Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows gdiplus EMF Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Description of the security update for the information disclosure vulnerability in Windows Embedded POSReady 2009: April 9, 2019

Description of the security update for the information disclosure vulnerability in Windows Embedded POSReady 2009: April 9, 2019 Summary An information disclosure vulnerability exists when the Windows GDI component incorrectly discloses the contents of its memory. To learn more about the...

Microsoft Windows gdiplus DoRotatedStretchBlt Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Description of the security update for the information disclosure vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018

Description of the security update for the information disclosure vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018 Summary An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its...

Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4015383)

This host is missing an important security update according to Microsoft Security update KB4015383 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft Office PowerPoint 2010 GDI - GDI32!ConvertDxArray Insufficient Bounds Check Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was observed in Microsoft Office 2010 running under...

Microsoft Office PowerPoint 2010 - GDI GDI32!ConvertDxArray Insufficient Bounds Check

Microsoft Office PowerPoint 2010 - GDI GDI32!ConvertDxArray Insufficient Bounds Check Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was observed in...

Microsoft Office Word Viewer Multiple Remote Code Execution Vulnerabilities (3177393)

This host is missing a critical security update according to Microsoft Bulletin MS16-097. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

GDI+ CreateDashedPath Integer Overflow in gdiplus.dll

No description provided by source. Abysssec Research 1 Advisory information Title : GDI+ CreateDashedPath Integer overflow in gdiplus.dll Discovery : Nicolas july from vupen Analysis : Abysssec.com Vendor : http://www.microsoft.com Impact : High Contact : info at abysssec.com Twitter : @abysssec...

MS Windows GDI+ - Proof of Concept (MS08-052) (2)

No description provided by source. ------------------------------------------------------------------------------------------------------------ Operating System: XP SP2 Gdiplus.dll Version: 5.1.3102.2180 Credit: John Smith, Evil Fingers GIF Template Reference:...

GDI+ CreateDashedPath Integer overflow in gdiplus.dll

Exploit for windows platform in category dos / poc 1 Advisory information Title : GDI+ CreateDashedPath Integer overflow in gdiplus.dll Discovery : Nicolas july from vupen Analysis : Abysssec.com Vendor : http://www.microsoft.com Impact : High Contact : info at abysssec.com Twitter : @abysssec CV...

GDI+ - gdiplus.dll CreateDashedPath Integer Overflow

GDI+ - gdiplus.dll CreateDashedPath Integer Overflow Abysssec Research 1 Advisory information Title : GDI+ CreateDashedPath Integer overflow in gdiplus.dll Discovery : Nicolas july from vupen Analysis : Abysssec.com Vendor : http://www.microsoft.com Impact : High Contact : info at abysssec.com...

GDI+ - 'gdiplus.dll' CreateDashedPath Integer Overflow

Abysssec Research 1 Advisory information Title : GDI+ CreateDashedPath Integer overflow in gdiplus.dll Discovery : Nicolas july from vupen Analysis : Abysssec.com Vendor : http://www.microsoft.com Impact : High Contact : info at abysssec.com Twitter : @abysssec CVE : CVE-2011-0041 2 Vulnerable...

CVE-2011-0041

CVE-2011-0041 affects gdiplus.dll (GDI+) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2 and Office XP SP3. Root cause: integer overflow in gdiplus!GpPath::CreateDashedPath when processing EMF/EMF+ images, enabling remote code execution. Verified references indicat...

Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries

Nuance Communications, Inc. offer on their german web page http://www.nuance.de/kostenlose-ocr-software-test/download.asp a trial version of OmniPage 16 Professional for download. The installer OPPro16TD.exe a self-extracting RAR archive was published "Tue, 30 Jun 2009 14:38:28 GMT" according to...

Vulnerable DLLs distributed with Terratec HomeCinema 6.3

Once again a sad story of poor software "engineering", missing QA and a TOTALLY unresponsive vendor. The current version 6.3 of Terratec's TV software HomeCinema http://ftp.terratec.de/Receiver/TerraTecHomeCinema/TerraTecHomeCinema6.3.exe from 2009-05-05 installs outdated and vulnerable .DLLs the...

Microsoft Windows GDI+库GPFont::SetData()函数单字节溢出漏洞

BUGTRAQ ID: 34250 CVECAN ID: CVE-2009-1217 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的GDI+函数库（gdiplus.dll）的GPFont::SetData函数中存在单字节溢出漏洞。如果用户受骗打开了 EmfPlusFontObject记录中设置有特制字体长度值的EMF图形的话，就可以触发这个溢出，导致使用该库的应用程序崩溃。以下是 Windows XP中的有漏洞代码段： define FamilyNameMax 32 ... WCHAR familyNameFamilyNameMax;...

MS Windows GDI+ Proof of Concept (MS08-052) #2

No description provided by source. ------------------------------------------------------------------------------------------------------------ Operating System: XP SP2 Gdiplus.dll Version: 5.1.3102.2180 Credit: John Smith, Evil Fingers GIF Template Reference:...