Vulnerability CVE-2008-1087 - CERT Civis.Net

Vulnerability Name:

CVE-2008-1087 (CCN-41472)

Assigned:

2008-04-08

Published:

2008-04-08

Updated:

2018-10-12

Summary:

Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-1087

Source: CCN
Type: HP Security Bulletin HPSBST02329 SSRT080048 rev.1 HPSBST02329 SSRT080048 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025

Source: HP
Type: Mailing List
SSRT080048

Source: CCN
Type: SA29704
Microsoft Windows GDI Image Parsing Buffer Overflows

Source: SECUNIA
Type: Vendor Advisory
29704

Source: CCN
Type: SECTRACK ID: 1019798
Microsoft GDI Buffer Overflow in Processing EMF and WMF Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-157
MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008770, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-021

Source: CCN
Type: NORTEL BULLETIN ID: 2008008788, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft April security bulletin

Source: CCN
Type: IBM Internet Security Systems Protection Alert, April 8, 2008
Microsoft GDI Remote Code Execution

Source: CCN
Type: Microsoft Security Bulletin MS08-021
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Source: CCN
Type: Microsoft Security Bulletin MS08-071
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

Source: OSVDB
Type: Broken Link
44215

Source: CCN
Type: OSVDB ID: 44215
Microsoft Windows GDI EMF Filename Parameter Handling Overflow

Source: BID
Type: Patch
28570

Source: CCN
Type: BID-28570
Microsoft Windows GDI 'EMR_COLORMATCHTOTARGETW' Stack Overflow Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1019798

Source: CERT
Type: Third Party Advisory, US Government Resource
TA08-099A

Source: VUPEN
Type: Broken Link
ADV-2008-1145

Source: MS
Type: UNKNOWN
MS08-021

Source: XF
Type: UNKNOWN
win-emf-file-name-bo(41472)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5580

Source: EXPLOIT-DB
Type: UNKNOWN
5442

Source: EXPLOIT-DB
Type: UNKNOWN
6656

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows-nt:2008:*:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:2008:*:x32:*:*:*:*:*

OR cpe:/o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:5580	V	GDI stack Overflow Vulnerability	2011-11-14