Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka “GDI Heap Overflow Vulnerability.”
archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html
labs.idefense.com/intelligence/vulnerabilities/display.php?id=681
marc.info/?l=bugtraq&m=120845064910729&w=2
secunia.com/advisories/29704
support.microsoft.com/kb/948590
www.kb.cert.org/vuls/id/632963
www.osvdb.org/44213
www.osvdb.org/44214
www.securityfocus.com/archive/1/490584/100/0/threaded
www.securityfocus.com/bid/28571
www.securityfocus.com/bid/30933
www.securitytracker.com/id?1019798
www.us-cert.gov/cas/techalerts/TA08-099A.html
www.vupen.com/english/advisories/2008/1145/references
www.zerodayinitiative.com/advisories/ZDI-08-020/
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021
exchange.xforce.ibmcloud.com/vulnerabilities/41471
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441
www.exploit-db.com/exploits/5442
www.exploit-db.com/exploits/6330