CVE-2011-5046

Microsoft Windows GDI - Remote Code Execution via IFRAME Height Attribute

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5046. PoCs published by webDEViL.

AI-analyzed exploit summary This exploit triggers a Blue Screen of Death (BSoD) in Windows 7 x64 via a malformed iframe height attribute, causing a page fault in the win32k.sys driver during GDI operations. The stack trace confirms the crash occurs in NtGdiDrawStream due to improper memory handling.

Description

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by webDEViL · textdoswindows_x86-64
https://www.exploit-db.com/exploits/18275

This exploit triggers a Blue Screen of Death (BSoD) in Windows 7 x64 via a malformed iframe height attribute, causing a page fault in the win32k.sys driver during GDI operations. The stack trace confirms the crash occurs in NtGdiDrawStream due to improper memory handling.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows 7 x64 (with Safari)
No auth needed
Prerequisites: Target must be running Windows 7 x64 and have Safari installed · Victim must visit a webpage containing the malicious iframe
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-045A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71873
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77908
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14603
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47237
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18275
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026450

Scores

EPSS 0.4546
EPSS Percentile 98.6%

Details

CWE
CWE-20
Status published
Products (6)
microsoft/windows_7
microsoft/windows_server_2003
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 (2 CPE variants)
microsoft/windows_vista
microsoft/windows_xp (2 CPE variants)
Published Dec 30, 2011
Tracked Since Feb 18, 2026