Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, which are only processed if the Device Context is associated with a printer. In the code responsible for handling the...

Microsoft Windows - gdi32.dll Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)

Microsoft Windows - gdi32.dll Heap Buffer Overflow in ExtEscape Triggerable via EMREXTESCAPE EMF Record MS16-055 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, whic...

Microsoft Windows Graphics Component Information Disclosure (MS16-055: CVE-2016-0168)

A Vulnerability was discovered within Internet explorer when handling a spcially crafted EMF file allowing an information disclosure about the user filesystem. The root cause of the vulnerability is related to the CreateColorSpaceW function that tries to build a file path checking of its existanc...