74 matches found
Microsoft Windows GDI+ PNG Processing Integer Overflow (MS09-062; CVE-2009-3126)
The Windows Graphics Rendering Engine is implemented via the Graphics Device Interface GDI subsystem. GDI is a Microsoft standard for representing graphical objects and outputting these representations to devices such as monitors and printers. GDI is capable of representing vector graphics, drawi...
Microsoft WMF File Polypolygon Function Buffer Overflow (MS06-026; CVE-2006-2376)
Microsoft Windows Metafile Format WMF is a proprietary standard for representing graphical objects, mainly vector based graphic. WMF is capable of representing drawing lines, polygons, curves, and fonts. A vulnerability has been discovered in the Graphics Rendering Engine GRE component of Microso...
Windows GDI Privilege Elevation
Added: 05/25/2009 CVE: CVE-2006-5758 BID: 20940 OSVDB: 30214 Background The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions. Problem Users with local access can remap the shar...
Windows GDI Privilege Elevation
Added: 05/25/2009 CVE: CVE-2006-5758 BID: 20940 OSVDB: 30214 Background The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions. Problem Users with local access can remap the shar...
VulnCheck KEV: CVE-2006-5758
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption http://www.zerodayinitiative.com/advisories/ZDI-08-049 August 12, 2008 -- CVE ID: CVE-2008-3021 -- Affected Vendors: Microsoft -- Affected Products: Microsoft File Format Vulnerability -- TippingPointTM IPS Customer...
Microsoft Windows Graphics Rendering Engine PICT Heap Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of PICT images in an office document. D...
iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
iDefense Security Advisory 04.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 08, 2008 I. BACKGROUND Microsoft Windows graphics device interface GDI is the core library used to display graphics and text on the Windows operating system. It is the standard interface through which...
CVE-2007-3034
Integer overflow in the AttemptWrite function in Graphics Rendering Engine GDI on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile image with a large record length value, which triggers a heap-based buffer overflow...
CVE-2007-3034
Integer overflow in the AttemptWrite function in Graphics Rendering Engine GDI on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile image with a large record length value, which triggers a heap-based buffer overflow...
Microsoft Security Bulletin MS07-046 - Critical Vulnerability in GDI Could Allow Remote Code Execution (938829)
Microsoft Security Bulletin MS07-046 - Critical Vulnerability in GDI Could Allow Remote Code Execution 938829 Published: August 14, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves a privately reported vulnerability. A remote code execution...
CVE-2006-5586
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."...
CVE-2006-5586
CVE-2006-5586 is a GDI-based local privilege-elevation vulnerability in the Graphics Rendering Engine of Microsoft Windows 2000 SP4 and Windows XP SP2 (and related Windows variants). The flaw stems from processing invalid application window sizes when rendering layered windows, allowing a logged-...
Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
Description Microsoft Windows Graphics Rendering Engine is prone to local privilege-escalation vulnerability. Successful exploits may result in a complete compromise of affected computers. Technologies Affected Avaya Customer Interaction Express CIE Server 1.0 Avaya Customer Interaction Express C...
CVE-2006-5758
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...
CVE-2006-5758
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...
CVE-2006-5758
CVE-2006-5758 is a local elevation of privilege vulnerability in the Windows Graphics Rendering Engine (GDI) across Windows 2000 SP4 and Windows XP SP2. The underlying issue is how GDI Kernel structures are mapped into a global shared memory section created with insecure permissions: the section ...
CVE-2006-4868
CVE-2006-4868: A stack-based buffer overflow in VGX.dll (VML processing) used by Microsoft Outlook and Internet Explorer on Windows XP SP2 enables remote code execution via a crafted VML rect tag with a long fill parameter. Affected: Internet Explorer/VML handling. Impact per sources: arbitrary c...
SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-004 Advisory Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Author : Peter Ferrie / [email protected]...
SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-004 Advisory Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Author : Peter Ferrie / [email protected]...