virus logo Intrusion Prevention

MS.GDI+.DLL.EMF.GpFont.SetData.Stack.Overflow

description-logoDescription

This indicates an attack attempt to exploit a denial of service (DoS) vulnerability in Microsoft windows.
This vulnerability is caused by an error when the Gdiplus.dll is parsing an EMF file including malformed "EmfPlusFont" Object . It allows a remote attacker to crash the vulnerable software via sending a crafted EMF file.

affected-products-logoAffected Products

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition 0
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition 0
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition 0
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition 0
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Business 64-bit edition 0
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista SP 1
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Business
Microsoft Windows Vista 0
Microsoft Windows Server 2008 Standard Edition 0
Microsoft Windows Server 2008 Enterprise Edition 0
Microsoft Windows Server 2008 Datacenter Edition 0
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-11-22 15.729 Name:MS.
GdiPlus.
Dll.
EMF.
GpFont.
SetData.
Stack.
Overflow:MS.
GDI+.
DLL.
EMF.
GpFont.
SetData.
Stack.
Overflow
ID 17341
Created Apr 16, 2009
Updated Nov 03, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2009-1217
Exploit Prediction Score 96.5%
Default Action drop
Active
Affected OS Windows
Affected App Other