CVE-2016-0169

MEDIUM

Microsoft Windows - Information Disclosure via GDI Crafted Document

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0169. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates multiple heap-based out-of-bounds read vulnerabilities in GDI32.dll's handling of EMF files, specifically in the COMMENT_MULTIFORMATS record. It includes proof-of-concept EMF files that trigger integer overflow and unsanitized offset usage, leading to potential memory disclosure or crashes in applications like Internet Explorer.

Description

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/39833

View Code ZIP pw:eip

The exploit demonstrates multiple heap-based out-of-bounds read vulnerabilities in GDI32.dll's handling of EMF files, specifically in the COMMENT_MULTIFORMATS record. It includes proof-of-concept EMF files that trigger integer overflow and unsanitized offset usage, leading to potential memory disclosure or crashes in applications like Internet Explorer.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows GDI32.dll (Windows 7)

No auth needed

Prerequisites: Victim must open a malicious EMF file in a vulnerable application (e.g., Internet Explorer)

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/89863

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1035823

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/137095/Microsoft-Windows-gdi32.dll-Data-Copy.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-055

Scores

CVSS v3 6.5

EPSS 0.4325

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (10)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_vista

Published May 11, 2016

Tracked Since Feb 18, 2026