Remote Information Disclosure Vulnerability in GDI32.dll

Remote Information Disclosure Vulnerability in GDI32.dll

CVE-2017-0038 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.

Learn more about our Cis Benchmark Audit For Server Software.