Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerabilities by introducing proper data validations within GDI+ when rendering WMF images, modifying the way that GDI+ manages a heap buffer when reading a PNG file, modifying the way that GDI+ allocates a buffer used when reading TIFF files, This update modifies the way that GDI+ manages buffers when certain .NET API calls are made, modifying the way that GDI+ calculates the required size of a buffer while parsing a PNG image, , and modifying the way that Microsoft Office opens specially crafted files. Keep reading →

For Windows Vista, this update gives a per format switch to control the parsing of each file format in GDI+. As a part of this release, a new feature is added to GDI+. This new feature enables you to control the parsing of different codecs. The idea behind the feature is to control the attack surface area. This feature is controlled by using different registry entries that are part of this update. By changing these registry entries, you can control which images are parsed and rendered and which images are rejected in GDI+. For example, you can select to parse and render Joint Photographic Experts Group (JPEG) images, but block Tagged Image File Format (TIFF) images.

On a computer that is running Windows Vista or Windows Server 2008, you use the Application Verifier (AppVerifier) runtime verification tool to test a Microsoft GDI+ program. However, you experience multiple first chance exception errors. Additionally, the GDI+ program may close unexpectedly.

This problem also occurs with programs that are used to trace exceptions in other applications, such as AppSight.

Description: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. The security update addresses the vulnerabilities by validating input passed from user mode through the kernel component of GDI, correcting the way that the kernel validates handles, and changing the way that the Windows kernel handles specially crafted invalid pointers. Keep reading →

When you use the Application Verifier (AppVerifier) runtime verification tool to test a Microsoft GDI+ program, you experience many first chance exception errors. Additionally, the GDI+ program may close unexpectedly.

Description: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerabilities by modifying the way GDI validates file size parameters and performs integer calculations to prevent overflow conditions. Keep reading →

Consider the following scenario. You develop an application that uses Microsoft Windows GDI+ API functions. You use the application in Windows Server 2008, in Windows Vista, in Windows Server 2003, or in Windows XP. In this scenario, when you use the application to display or to print Japanese full-width (zenkaku) characters, the Unicode hyphen character (U+2010) is not drawn.

For example, you use a hyphen (-) to separate some digits as follows:

1-2-3A

However, when the characters are displayed or printed by the application that uses GDI+ API functions, you see the following string:

123A

Note: This problem does not occur when the application uses Graphics Device Interface (GDI) API functions.

Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerabilities by modifying the way that GDI+ handles viewing malformed images. Keep reading →

Consider the following scenario:

1. An application uses GDI+ to print images to a color printer in one of the following Microsoft operating systems:
   • Windows Server 2003
   • Windows Vista
   • Windows Server 2008
2. The printer uses an Image Color Matching (ICM) color profile for color matching.

In this scenario, the color profile is not applied to the output. This may cause the colors of the image that is printed to differ from your expectations.

Note: This problem does not occur on Windows XP-based computers.

Description: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Keep reading →