RULE(RULE ID:321573)

Rule General Information
Release Date: 2018-07-23
Rule Name: Microsoft Windows GDIplus GpFont.SetData Integer Overflow vulnerability -1 (CVE-2009-1217)
Severity:
CVE ID:
Rule Protection Details
Description: Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
Impact: An attacker can exploit an integer overflow vulnerability in the affected software. Successful exploitation leads to arbitrary code execution; a failed exploit may disrupt the software's logic and cause denial of service.
Affected OS: Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android
Reference: http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html
http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx
SecurityFocus BID: 34250
http://www.vupen.com/english/advisories/2009/0832
https://exchange.xforce.ibmcloud.com/vulnerabilities/49438
Solutions
No information about possible solutions has been published. Please use an alternative product in place of the affected software.