Windows Graphics Vulnerabilities Allow Remote Attackers To Exe...
Multiple vulnerabilities have been disclosed in Microsoft’s Graphics Device Interface (GDI), a core component of the Windows operating system responsible for rendering graphics.
These flaws, discovered by Check Point through an intensive fuzzing campaign targeting Enhanced Metafile (EMF) formats, could enable remote attackers to execute arbitrary code or steal sensitive data.
The issues were responsibly disclosed to Microsoft and patched across multiple Patch Tuesday updates in 2025, but they underscore ongoing risks in legacy graphics processing.
The vulnerabilities stem from improper handling of EMF+ records, which are used in documents and images processed by applications like Microsoft Office and web browsers.
Attackers could exploit them by tricking users into opening malicious files, such as rigged Word documents or image thumbnails, potentially leading to full system compromise without user interaction.
Check Point’s analysis, detailed in a recent blog post, emphasizes how these bugs arose from invalid rectangle objects, buffer overflows, and incomplete prior fixes, highlighting the challenges of securing deeply embedded system libraries.
CVE-2025-30388, rated Important with a CVSS score of 8.8, involves out-of-bounds memory operations during the processing of records like EmfPlusDrawString and EmfPlusFillRects.
Triggered by malformed EmfPlusSetTSClip records, it allows attackers to read or write beyond allocated heap buffers, potentially leaking data or enabling code execution.
This flaw affects Windows 10 and 11, as well as Office for Mac and Android, and Microsoft deems it “Exploitation More Likely” due to its accessibility via common file formats.
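For triage of files that arrive before patching is complete, the sketch below inventories the EMF+ record types named above inside an EMF file and reports records whose size fields are inconsistent. It is an added example, not code from Check Point or Microsoft: the function names are hypothetical, the record-type values are taken from the MS-EMFPLUS RecordType enumeration, and the checks are generic structural ones, not a signature for either CVE.

```python
import struct
from collections import Counter

EMR_COMMENT, EMFPLUS_ID = 0x46, 0x2B464D45  # EMF comment record type, "EMF+" identifier
# Record types the article names; values from the MS-EMFPLUS RecordType enumeration.
WATCHED = {0x400A: "EmfPlusFillRects", 0x401C: "EmfPlusDrawString",
           0x403A: "EmfPlusSetTSClip"}

def walk_emfplus(blob, base, seen, problems):
    """Walk EMF+ records: Type u16, Flags u16, Size u32, DataSize u32, data."""
    off = 0
    while off + 12 <= len(blob):
        rtype, _flags, size, dsize = struct.unpack_from("<HHII", blob, off)
        if size < 12 or size % 4 or dsize > size - 12 or off + size > len(blob):
            problems.append(f"EMF+ record {rtype:#06x} at {base + off:#x}: "
                            f"Size={size} DataSize={dsize} inconsistent")
            return
        if rtype in WATCHED:
            seen[WATCHED[rtype]] += 1
        off += size

def triage_emf(data):
    """Return (Counter of watched EMF+ record names, list of structural problems)."""
    seen, problems = Counter(), []
    if len(data) < 44 or data[:4] != b"\x01\0\0\0" or data[40:44] != b" EMF":
        return seen, ["not an EMF file (bad EMR_HEADER)"]
    off = 0
    while off + 8 <= len(data):
        rtype, size = struct.unpack_from("<II", data, off)
        if size < 8 or size % 4 or off + size > len(data):
            problems.append(f"EMF record at {off:#x}: bad Size {size}")
            break
        if rtype == EMR_COMMENT and size >= 16:
            dsize, ident = struct.unpack_from("<II", data, off + 8)
            if ident == EMFPLUS_ID and 4 <= dsize <= size - 12:
                walk_emfplus(data[off + 16:off + 12 + dsize], off + 16, seen, problems)
            elif ident == EMFPLUS_ID:
                problems.append(f"EMF+ comment at {off:#x}: bad DataSize {dsize}")
        off += size
    return seen, problems

def emfplus(rtype, payload=b"", size=None):  # constructed-sample helper; size forces a wrong Size
    return struct.pack("<HHII", rtype, 0, size or 12 + len(payload), len(payload)) + payload

def sample_emf(records):
    """Constructed sample: minimal EMR_HEADER, one EMF+ comment record, EMR_EOF."""
    header = struct.pack("<II", 1, 88) + bytes(32) + b" EMF" + bytes(44)
    body = struct.pack("<I", EMFPLUS_ID) + b"".join(records)
    comment = struct.pack("<III", EMR_COMMENT, 12 + len(body), len(body)) + body
    return header + comment + struct.pack("<IIIII", 0x0E, 20, 0, 0, 20)
```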
The most severe, CVE-2025-53766 (Critical, CVSS 9.8), permits remote code execution through out-of-bounds writes in the ScanOperation::AlphaDivide_sRGB function.