Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-1083
Last Modified 18 Oct 2011 12:00:00
Published 08 Apr 2008 07:05:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1083

Summary

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows XP

  • Microsoft Windows-nt XP


References

CERT - TA08-099A

CERT-VN - VU#632963

BID - 28571

MS - MS08-021

SECUNIA - 29704

XF - win-emf-wmf-header-bo(41471)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-020/

VUPEN - ADV-2008-1145

SECTRACK - 1019798

BID - 30933

BUGTRAQ - 20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability

OSVDB - 44214

OSVDB - 44213

MILW0RM - 6330

MILW0RM - 5442

MSKB - 948590

HP - HPSBST02329

IDEFENSE - 20080408 Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability

HP - SSRT080048


Last Updated: 27 May 2016 10:47:28