CVE-2008-1083

Description

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

Related CPE's

omicrosoftwindows_server_2008-*x64*****

omicrosoftwindows_2003_server*sp2x64*****

omicrosoftwindows_xp*sp2******

omicrosoftwindows_vista********

omicrosoftwindows_2000*sp4******

omicrosoftwindows_vista-sp1******

omicrosoftwindows_vista**x64*****

omicrosoftwindows_2003_server*sp1******

omicrosoftwindows_2003_server*sp1itanium*****

omicrosoftwindows_server_2008-*itanium*****

References

28571

Third Party AdvisoryVDB Entry

1019798

Third Party AdvisoryVDB Entry

29704

PatchVendor Advisory

20080408 Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability

Third Party Advisory

TA08-099A

US Government Resource

VU#632963

US Government Resource

20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability

Broken Link

http://www.zerodayinitiative.com/advisories/ZDI-08-020/

Third Party Advisory

44213

Broken Link

44214

Broken Link

30933

Third Party AdvisoryVDB Entry

948590

Vendor Advisory

SSRT080048

Mailing List

ADV-2008-1145

Broken Link

win-emf-wmf-header-bo(41471)

6330

5442

oval:org.mitre.oval:def:5441

20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability

MS08-021

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io