CVE-2009-1217 - Off-by-one Error vulnerability in Microsoft Gdi+
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
Vulnerable Configurations
Part | Description | Count
---|---|---
Application | | 1
OS | | 1
Common Weakness Enumeration (CWE)
Exploit-Db
Field | Value
---|---
description | Microsoft GdiPlus EMF GpFont.SetData Integer Overflow PoC. CVE-2009-1217. DoS exploit for Windows platform
id | EDB-ID:8281
last seen | 2016-02-01
modified | 2009-03-24
published | 2009-03-24
reporter | Black Security
source | https://www.exploit-db.com/download/8281/
title | Microsoft GdiPlus - EMF GpFont.SetData Integer Overflow PoC
Seebug
Field | Value
---|---
bulletinFamily | exploit
id | SSV:4997
last seen | 2017-11-19
modified | 2009-04-04
published | 2009-04-04
reporter | Root
source | https://www.seebug.org/vuldb/ssvid-4997
title | Microsoft Windows GDI+ library GPFont::SetData() function single-byte overflow vulnerability

description:

BUGTRAQ ID: 34250
CVE(CAN) ID: CVE-2009-1217

Microsoft Windows is a very widely used operating system published by Microsoft. The GPFont::SetData() function in the Windows GDI+ library (gdiplus.dll) contains a single-byte overflow. If a user is tricked into opening an EMF image whose EmfPlusFontObject record carries a specially crafted font length value, the overflow is triggered and the application using the library crashes. The vulnerable code in Windows XP is:

```c
#define FamilyNameMax 32
...
WCHAR familyName[FamilyNameMax];
...
length = fontData->Length; // this comes from the EMF file
...
if (length > FamilyNameMax) {
    length = FamilyNameMax;   // length == FamilyNameMax is still allowed through
}
...
// read in the familyName/data
UnicodeStringCopyCount(familyName, (WCHAR *)dataBuffer, length);
familyName[length] = 0;       // with length == FamilyNameMax this writes one element past the array
```

Affected: Microsoft Windows XP SP3, Microsoft Windows XP SP2, Microsoft

The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's homepage for the latest version: http://www.microsoft.com/technet/security/
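As an added illustration (not code from the advisories above or from gdiplus.dll), the clamp from the Seebug snippet next to a corrected clamp that reserves the terminator slot, with a bounds predicate and a safe copy; the `WCHAR` typedef, the `size_t` length type and the helper names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define FamilyNameMax 32
typedef uint16_t WCHAR;   /* assumption: 16-bit code unit, as on Windows */

/* Clamp as shown in the advisory snippet: length == FamilyNameMax survives,
 * so the later familyName[length] = 0 lands one element past the array. */
static size_t clamp_vulnerable(size_t length) {
    if (length > FamilyNameMax) length = FamilyNameMax;
    return length;
}

/* Corrected clamp: keep one slot free for the terminator, so the
 * terminator index is always below FamilyNameMax. */
static size_t clamp_fixed(size_t length) {
    if (length > FamilyNameMax - 1) length = FamilyNameMax - 1;
    return length;
}

/* True when writing familyName[length] stays inside WCHAR familyName[FamilyNameMax]. */
static bool terminator_in_bounds(size_t length) {
    return length < FamilyNameMax;
}

/* Safe version of the copy: dst must have FamilyNameMax elements.
 * Returns the number of WCHARs copied, excluding the terminator. */
static size_t copy_family_name(WCHAR *dst, const WCHAR *src, size_t length) {
    length = clamp_fixed(length);
    memcpy(dst, src, length * sizeof(WCHAR));
    dst[length] = 0;   /* index <= FamilyNameMax - 1: in bounds */
    return length;
}

int main(void) {
    /* Constructed record: a 32-unit family name, the exact boundary case. */
    WCHAR src[FamilyNameMax];
    WCHAR dst[FamilyNameMax];
    for (size_t i = 0; i < FamilyNameMax; i++) src[i] = (WCHAR)('A' + i % 26);
    size_t n = copy_family_name(dst, src, FamilyNameMax);
    printf("length 32: vulnerable terminator index %zu (in bounds: %d); fixed copy keeps %zu units\n",
           clamp_vulnerable(FamilyNameMax), terminator_in_bounds(clamp_vulnerable(FamilyNameMax)), n);
    return 0;
}
```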
References
- http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx
- http://www.vupen.com/english/advisories/2009/0832
- http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html
- http://www.securityfocus.com/bid/34250
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49438