Microsoft Windows 11
Moderate fix2 remedies
cpe:2.3:o:microsoft:windows_11:*:*:*:*:*:*:*
Moderate fix2 remedies
Microsoft Windows GDI Heap-Based Buffer Overflow Vulnerability Allowing Local Code Execution
Vulnerability
Patched
A heap-based buffer overflow vulnerability has been identified in the Windows Graphics Device Interface (GDI). This vulnerability allows an unauthorized attacker to execute code locally. The issue arises when the affected graphics functionality processes a specially crafted Enhanced Metafile (EMF) file, which can be exploited by the attacker.
Impact
Exploitation of this vulnerability could lead to unauthorized local code execution.
Reproduction
To reproduce this vulnerability, a user must open or process a specially crafted Enhanced Metafile (EMF) file using Microsoft Paint. This action will trigger the affected graphics functionality in Windows, allowing the exploitation of the buffer overflow vulnerability.
Remediation
Users can apply the security update for this vulnerability, which is available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5089548, KB5087420, KB5087538, KB5087471, and KB5087539.
Added: May 12, 2026, 7:52 PM
Updated: May 12, 2026, 7:52 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
7.5exploitability
4.0remediation
7.7relevance
8.1threat
1.6urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.