26Mar
New EMF gdiplus.dll crash not exploitable for code execution
Yesterday we noticed a blog post and securityfocus article about a potential new vulnerability in Microsoft GDI+ when parsing a specially-crafted EMF file. You might have heard about it referred to as ‘GpFont.SetData()’. We wanted to address some speculation about this EMF parsing bug. First, our initial investigation shows that it is not exploitable for code execution.