VULNERABILIDAD. Microsoft GDI+ EMF ‘GpFont.SetData()’ Buffer Overflow Vulnerability

Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 (‘Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability’) is now provided in this BID.

Published:       Mar 24 2009 12:00AM
Updated:           Mar 25 2009 11:06PM

REFERENCIA DE LA VULNERABILIDAD

EXPLOIT

fuente: securityfocus.com

microsoft_logo23

Anuncios

Responder

Por favor, inicia sesión con uno de estos métodos para publicar tu comentario:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s