Security alert infographic: Windows icon with EMF arrows leading to code execution; protective shields for patches and sandboxes, with "Update Your System" warning banner over a file icon.

Multiple vulnerabilities in Microsoft's Graphics Device Interface (GDI) allow remote attackers to execute arbitrary code or steal data via malicious EMF files. Discovered by Check Point through fuzzing, these flaws affect Windows 10/11 and Office, with CVEs including CVE-2025-53766 (CVSS 9.8) for out-of-bounds writes.

Security alert infographic: Windows icon with EMF arrows leading to code execution; protective shields for patches and sandboxes, with "Update Your System" warning banner over a file icon.Security alert infographic: Windows icon with EMF arrows leading to code execution; protective shields for patches and sandboxes, with "Update Your System" warning banner over a file icon.

Exploited by opening rigged documents or images, they stem from improper EMF+ record handling, enabling heap overflows and data leaks. Microsoft patched them in 2025 updates, but unpatched systems remain at risk.

Security alert infographic: Windows icon with EMF arrows leading to code execution; protective shields for patches and sandboxes, with "Update Your System" warning banner over a file icon.Security alert infographic: Windows icon with EMF arrows leading to code execution; protective shields for patches and sandboxes, with "Update Your System" warning banner over a file icon.

Protect yourself: Apply updates immediately, disable EMF rendering in untrusted contexts, and use sandboxed viewers. This highlights the dangers in legacy graphics processing.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security