Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0041 — Microsoft Office vulnerability

CWE-1894 documents4 sources

Severity

9.3CRITICALNVD

EPSS

54.2%

top 1.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Office

Timeline

PublishedApr 13

Latest updateMay 3

Description

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/officexp

🔴Vulnerability Details

GHSA

GHSA-56wv-frpg-f7cc: Integer overflow in gdiplus↗2022-05-03

▶

💥Exploits & PoCs

Exploit-DB

GDI+ - 'gdiplus.dll' CreateDashedPath Integer Overflow↗2011-07-18

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 04-12-2011↗

▶