CVE-2009-1217

EPSS

46.23%V4

Vector

Network

Published

2009-04-01
15h00 +00:00

Modified

2017-08-16
12h57 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

List of Notifications

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CVE Descriptions

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-193	Off-by-one Error A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.3		AV:N/AC:M/Au:N/C:N/I:N/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	13.08%	–	–
2022-02-13	–	–	13.08%	–	–
2022-04-03	–	–	13.08%	–	–
2022-07-17	–	–	2.1%	–	–
2022-07-24	–	–	13.08%	–	–
2022-10-23	–	–	13.08%	–	–
2023-01-01	–	–	13.08%	–	–
2023-02-26	–	–	13.08%	–	–
2023-03-12	–	–	–	96.97%	–
2023-08-20	–	–	–	96.83%	–
2023-10-01	–	–	–	96.71%	–
2023-11-12	–	–	–	96.5%	–
2024-01-28	–	–	–	96.5%	–
2024-06-02	–	–	–	96.5%	–
2024-10-13	–	–	–	96.23%	–
2024-11-17	–	–	–	96.31%	–
2024-12-22	–	–	–	89.77%	–
2025-01-26	–	–	–	90.44%	–
2025-01-19	–	–	–	89.77%	–
2025-02-02	–	–	–	90.44%	–
2025-03-18	–	–	–	–	46.23%
2025-03-18	–	–	–	–	46.23,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	9%
2022-02-13	91%
2022-04-03	95%
2022-07-17	79%
2022-07-24	95%
2022-10-23	96%
2023-01-01	95%
2023-02-26	96%
2023-03-12	1%
2023-08-20	1%
2023-10-01	1%
2023-11-12	99%
2024-01-28	1%
2024-06-02	1%
2024-10-13	1%
2024-11-17	1%
2024-12-22	99%
2025-01-26	99%
2025-01-19	99%
2025-02-02	99%
2025-03-18	97%
2025-03-18	97%

Exploit information

Exploit Database EDB-ID : 8281

Publication date : 2009-03-23 23h00 +00:00
Author : Black Security
EDB Verified : Yes

Microsoft GdiPlus.dll EMF GpFont::SetData Stack Overflow Write up by redsand@blacksecurity.org : http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html Credits to mIKEJONES for providing the .EMF Crash down: http://www.blacksecurity.org/voltage-exploit.emf back: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/8281.emf (2009-voltage-exploit.emf) # milw0rm.com [2009-03-24]