An information disclosure vulnerability exists in Microsoft Windows gdi32.dll. A remote attacker can exploit this vulnerability by sending the target user a malicious file. Successful exploitation could result in an out-of-bounds read and access to private user data.