Back to search
CVE-2008-1083
Published: Apr 8, 2008
Modified: Oct 15, 2024
PUBLISHED
Description
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
30933
vdb-entry
x_refsource_BID
TA08-099A
third-party-advisory
x_refsource_CERT
44213
vdb-entry
x_refsource_OSVDB
SSRT080048
vendor-advisory
x_refsource_HP
ADV-2008-1145
vdb-entry
x_refsource_VUPEN
948590
vendor-advisory
x_refsource_MSKB
20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability
mailing-list
x_refsource_FULLDISC
20080408 Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
third-party-advisory
x_refsource_IDEFENSE
MS08-021
vendor-advisory
x_refsource_MS
HPSBST02329
vendor-advisory
x_refsource_HP
44214
vdb-entry
x_refsource_OSVDB
http://www.zerodayinitiative.com/advisories/ZDI-08-020/
x_refsource_MISC
VU#632963
third-party-advisory
x_refsource_CERT-VN
20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability
mailing-list
x_refsource_BUGTRAQ
5442
exploit
x_refsource_EXPLOIT-DB
6330
exploit
x_refsource_EXPLOIT-DB
win-emf-wmf-header-bo(41471)
vdb-entry
x_refsource_XF
1019798
vdb-entry
x_refsource_SECTRACK
oval:org.mitre.oval:def:5441
vdb-entry
signature
x_refsource_OVAL
28571
vdb-entry
x_refsource_BID
29704
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now