Skip to main content

Microsoft Windows GDI Overflow Vulnerability( 09 April 2008 )

Last Update Date: 28 Jan 2011 Release Date: 9 Apr 2008 4519 Views

RISK: Medium Risk

1. GDI Heap Overflow Vulnerability

A remote code execution vulnerability exists in the way that GDI handles integer calculations. The vulnerability could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

2. GDI Stack Overflow Vulnerability

A remote code execution vulnerability exists in the way that GDI handles filename parameters in EMF files. The vulnerability could allow remote code execution if a user opens a specially crafted EMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.