Microsoft Windows GDI WMF Handling Heap Overflow Vulnerability

The Microsoft Windows GDI Graphics Rendering Engine is prone to a heap-overflow vulnerability. This issue is exposed when the component loads a specially crafted WMF (Windows Metafile) image.

If this issue is exploited, a malicious WMF or EMF file could potentially corrupt heap-based memory with attacker-supplied data. This could lead to the execution of arbitrary code and to a complete system compromise.

An attacker could exploit the issue by enticing the victim user to visit a malicious web page that contains the image or to open an email attachment that consists of the image.

This vulnerability is limited to Windows 98/98SE/ME systems.


 

Privacy Statement
Copyright 2010, SecurityFocus