CVE-2009-1217

Microsoft GDI+ - Denial of Service via Crafted EMF File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1217. PoCs published by Black Security.

AI-analyzed exploit summary: This is a writeup describing a stack overflow vulnerability in Microsoft GdiPlus.dll's EMF GpFont::SetData function. It references an external EMF file that triggers the crash but does not contain exploit code itself.

Description

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Black Security · text · dos · windows
https://www.exploit-db.com/exploits/8281

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Theoretical
Target: Microsoft GdiPlus.dll (EMF processing)
No auth needed
Prerequisites: Victim must open a malicious EMF file
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0832
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49438
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34250

Scores

EPSS 0.1633
EPSS Percentile 96.5%

Details

CWE: CWE-193
Status: published
Products (1): microsoft/gdi+
Published: Apr 01, 2009
Tracked Since: Feb 18, 2026