Lucene search

[email protected]CVE-2008-4327

HistorySep 30, 2008 - 4:13 p.m.

CVE-2008-4327

2008-09-3016:13:00

CWE-189

[email protected]

web.nvd.nist.gov

nvd

cve-2008-4327

gdiplus.dll

gdi+

microsoft windows

denial of service

divide-by-zero

application crash

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

90.5%

JSON

gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq-

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	-

References

www.securityfocus.com/bid/31432

exchange.xforce.ibmcloud.com/vulnerabilities/45464

www.exploit-db.com/exploits/6588

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2008-4327

prion3 seebug2 cert1 cve2 checkpoint_advisories1 exploitpack1 exploitdb1 debiancve1 ubuntucve1 redhatcve1