Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.
Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.
NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 (‘Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability’) is now provided in this BID.
Published: Mar 24 2009 12:00AM
Updated: Mar 25 2009 11:06PM