HTTP: EMF GDIplus GpFont.SetData Integer Overflow
This signature detects attempts to exploit a known vulnerability against the Microsoft EMF file format parser. Attackers can craft a malicious emf file, which if a user downloads, allows the attacker to execute arbitrary code in the context of the user.
Extended Description
Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file. Successfully exploiting this issue causes applications using the affected library to crash. Due to the nature of this issue, attackers may be able to execute arbitrary code in the context of the currently logged-in user; this has not been confirmed. NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 ('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided in this BID. UPDATE (March 26, 2009): Further analysis indicates that successful exploits will not likely result in remote code execution; the impact for this issue has been adjusted accordingly.
Affected Products
Microsoft windows_xp_professional
Short Name
HTTP:STC:DL:EMF-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-1217 EMF GDIplus GpFont.SetData Integer Overflow bid:34250
Release Date
09/22/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3