| Check Point Reference: |
CPAI-2009-063 |
| Date Published: |
13 Apr 2009 |
| Severity: |
Medium
|
| Last Updated: |
Thursday 01 January, 2009 |
| Source: |
Bugtraq ID: 34250 |
| Industry Reference: |
CVE-2009-1217
|
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 0
|
| Vulnerability Description |
A vulnerability has been reported in Microsoft Windows Graphics Device Interface (GDI). GDI is a Microsoft standard for representing graphical objects and outputting these representations to devices such as monitors and printers. The vulnerability occurs when an application that uses the affected library ('GpFont.SetData()') tries to process a specially crafted EMF image file. An attacker can exploit this vulnerability by persuading a target user to open a specially crafted EMF file. Triggering this vulnerability would result in termination of the affected application. |
| Update/Patch Avaliable | Currently the vendor has not supplied a patch. |
| Vulnerability Details | The problem is caused by improper handling of the length of EmfPlusFont in EMF files. If triggered, the vulnerability can lead to a denial of service condition. |
Feedback