Vulnerability Description
Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Gdi\+ | - |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.htBroken Link
- http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exBroken Link
- http://www.securityfocus.com/bid/34250Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2009/0832Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49438Third Party AdvisoryVDB Entry
- http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.htBroken Link
- http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exBroken Link
- http://www.securityfocus.com/bid/34250Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2009/0832Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49438Third Party AdvisoryVDB Entry
FAQ
What is CVE-2009-1217?
CVE-2009-1217 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via ...
How severe is CVE-2009-1217?
CVE-2009-1217 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1217?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Gdi\+, Microsoft Windows Xp.