Multiple vulnerabilities in Microsoft’s Graphics Device Interface (GDI), a core component of the Windows operating system responsible for rendering graphics.
These flaws, discovered by Check Point through an intensive fuzzing campaign targeting Enhanced Metafile (EMF) formats, could enable remote attackers to execute arbitrary code or steal sensitive data.
The issues were responsibly disclosed to Microsoft and patched across multiple Patch Tuesday updates in 2025, but they underscore ongoing risks in legacy graphics processing.
The vulnerabilities stem from improper handling of EMF+ records, which are used in documents and images processed by applications like Microsoft Office and web browsers.
Attackers could exploit them by tricking users into opening malicious files, such as rigged Word documents or image thumbnails, potentially leading to full system compromise without user interaction.
Check Point’s analysis, detailed in a recent blog post, emphasizes how these bugs arose from invalid rectangle objects, buffer overflows, and incomplete prior fixes, highlighting the challenges of securing deeply embedded system libraries.
