From reading about previous GDI+ vulnerability reports (such as JPEG overflow) I got an impression that Internet Explorer was using GDI+ to decode images. However, looking at the newfound GDI+ ICO vulnerability, I noticed that the PoC

http://www.securityfocus.com/data/vulnerabilities/exploits/24...

[ more ]