Microsoft Windows 'GPFont::SetData()' Function Single-Byte Overflow Vulnerability

Vulnerability ID: 1117509    Vulnerability type: Numeric error
Published: 2009-03-24    Updated: 2009-04-13
CVE number: CVE-2009-1217    CNNVD ID: CNNVD-200904-019
Vulnerability platform: Windows    CVSS score: 4.3
|Vulnerability Sources
https://www.exploit-db.com/exploits/8281
https://www.securityfocus.com/bid/34250
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-019
|Vulnerability Details
Microsoft Windows is a family of operating systems released by Microsoft Corporation of the United States. The GPFont::SetData() function in the Windows GDI+ library (gdiplus.dll) contains a single-byte overflow vulnerability. If a user is tricked into opening an EMF image whose EmfPlusFontObject record carries a specially crafted font length value, the overflow is triggered and the application using the library crashes.
|Vulnerability EXP
Microsoft GdiPlus.dll EMF GpFont::SetData Stack Overflow

Write up by redsand@blacksecurity.org : http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html
Credits to mIKEJONES for providing the .EMF Crash

down: http://www.blacksecurity.org/voltage-exploit.emf
back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/8281.emf (2009-voltage-exploit.emf)

# milw0rm.com [2009-03-24]
|Affected Products
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edit
|References

Source: XF
Name: win-gdi-emfplusfont-dos(49438)
Link: http://xforce.iss.net/xforce/xfdb/49438
Source: VUPEN
Name: ADV-2009-0832
Link: http://www.vupen.com/english/advisories/2009/0832
Source: BID
Name: 34250
Link: http://www.securityfocus.com/bid/34250
Source: blogs.technet.com
Link: http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx
Source: MISC
Link: http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html