Vulnerability Name: CVE-2008-1083 (CCN-41471)
Assigned: 2008-04-08
Published: 2008-04-08
Updated: 2018-10-30
Summary: Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

CVSS v3 Severity:
  10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

  9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access

References:
  Source: FULLDISC  Type: Broken Link
    20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability
  Source: MITRE  Type: CNA
    CVE-2008-1083
  Source: CCN  Type: HP Security Bulletin HPSBST02329 SSRT080048 rev.1
    HPSBST02329 SSRT080048 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025
  Source: IDEFENSE  Type: Third Party Advisory
    20080408 Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
  Source: HP  Type: Mailing List
    SSRT080048
  Source: CCN  Type: SA29704
    Microsoft Windows GDI Image Parsing Buffer Overflows
  Source: SECUNIA  Type: Patch, Vendor Advisory
    29704
  Source: CCN  Type: SECTRACK ID: 1019798
    Microsoft GDI Buffer Overflow in Processing EMF and WMF Files Lets Remote Users Execute Arbitrary Code
  Source: CCN  Type: ASA-2008-157
    MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
  Source: MSKB  Type: Vendor Advisory
    948590
  Source: CCN  Type: NORTEL BULLETIN ID: 2008008770, Rev 1
    Nortel Response to Microsoft Security Bulletin MS08-021
  Source: CCN  Type: NORTEL BULLETIN ID: 2008008788, Rev 1
    Centrex IP Client Manager (CICM) response to Microsoft April security bulletin
  Source: CCN  Type: IBM Internet Security Systems Protection Alert, April 8, 2008
    Microsoft GDI Remote Code Execution
  Source: CCN  Type: US-CERT VU#632963
    Microsoft GDI buffer overflow vulnerability
  Source: CERT-VN  Type: US Government Resource
    VU#632963
  Source: CCN  Type: Microsoft Security Bulletin MS08-021
    Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
  Source: CCN  Type: Microsoft Security Bulletin MS08-071
    Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
  Source: OSVDB  Type: Broken Link
    44213
  Source: OSVDB  Type: Broken Link
    44214
  Source: CCN  Type: OSVDB ID: 44213
    Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows
  Source: CCN  Type: OSVDB ID: 44214
    Microsoft Windows GDI WMF Handling CreateDIBPatternBrushPt Function Overflow
  Source: BUGTRAQ  Type: UNKNOWN
    20080408 ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability
  Source: BID  Type: Third Party Advisory, VDB Entry
    28571
  Source: CCN  Type: BID-28571
    Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
  Source: BID  Type: Third Party Advisory, VDB Entry
    30933
  Source: CCN  Type: BID-30933
    Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
  Source: SECTRACK  Type: Third Party Advisory, VDB Entry
    1019798
  Source: CERT  Type: US Government Resource
    TA08-099A
  Source: VUPEN  Type: Broken Link
    ADV-2008-1145
  Source: MISC  Type: Third Party Advisory
    http://www.zerodayinitiative.com/advisories/ZDI-08-020/
  Source: MS  Type: UNKNOWN
    MS08-021
  Source: XF  Type: UNKNOWN
    win-emf-wmf-header-bo(41471)
  Source: CCN  Type: iDefense Labs PUBLIC ADVISORY: 04.08.08
    Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability
  Source: OVAL  Type: UNKNOWN
    oval:org.mitre.oval:def:5441
  Source: EXPLOIT-DB  Type: UNKNOWN
    5442
  Source: EXPLOIT-DB  Type: UNKNOWN
    6330
  Source: CCN  Type: ZDI-08-020
    Microsoft GDI WMF Parsing Heap Overflow Vulnerability

Vulnerable Configuration:
  Configuration 1:
    cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR
    cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR
    cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_vista:*:*:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR
    cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:* OR
    cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR
    cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR
    cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
microsoft windows 2000 * sp4
microsoft windows 2003 server *
microsoft windows 2003 server * sp1
microsoft windows 2003 server * sp1
microsoft windows 2003 server * sp2
microsoft windows 2003 server * sp2
microsoft windows 2003 server * sp2
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows vista *
microsoft windows vista *
microsoft windows vista - sp1
microsoft windows vista - sp1
microsoft windows xp * sp2
microsoft windows 2000 - sp4
microsoft windows 2003_server
microsoft windows xp sp2
microsoft windows 2003_server sp1
microsoft windows 2003_server sp1_itanium
microsoft windows vista *
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows vista -
microsoft windows xp sp2
microsoft windows vista - sp1
microsoft windows vista - sp1
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows server 2008 *