CVE-2011-0041

Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2 - Remote Code Execution via Crafted EMF Image

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0041. PoCs published by Abysssec.

AI-analyzed exploit summary The writeup details an integer overflow vulnerability in GDI+ (gdiplus.dll) within the CreateDashedPath function, which can be triggered via a maliciously crafted EMF+ file. The analysis includes disassembly snippets and explanations of how floating-point calculations lead to a heap overflow, potentially allowing remote code execution or denial-of-service.

Description

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textdoswindows

https://www.exploit-db.com/exploits/17544

View Code ZIP pw:eip

The writeup details an integer overflow vulnerability in GDI+ (gdiplus.dll) within the CreateDashedPath function, which can be triggered via a maliciously crafted EMF+ file. The analysis includes disassembly snippets and explanations of how floating-point calculations lead to a heap overflow, potentially allowing remote code execution or denial-of-service.

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Complex

Reliability

Theoretical

Target: Microsoft GDI+ (gdiplus.dll 5.2.6001.22319)

No auth needed

Prerequisites: A vulnerable version of gdiplus.dll · Ability to deliver a maliciously crafted EMF+ file to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-029

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11854

Scores

EPSS 0.2816

EPSS Percentile 97.9%

Details

CWE

CWE-189

Status published

Products (6)

microsoft/office xp sp3

microsoft/windows_2003_server

microsoft/windows_server_2003

microsoft/windows_server_2008 (6 CPE variants)

microsoft/windows_vista (2 CPE variants)

microsoft/windows_xp (2 CPE variants)

Published Apr 13, 2011

Tracked Since Feb 18, 2026