Lucene search

[email protected]NVD:CVE-2008-1083

HistoryApr 08, 2008 - 11:05 p.m.

CVE-2008-1083

2008-04-0823:05:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.656 Medium

EPSS

Percentile

97.9%

JSON

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka “GDI Heap Overflow Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2000sp4

microsoftwindows_2003_serverx64

microsoftwindows_2003_serversp1

microsoftwindows_2003_serversp1itanium

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_2003_serversp2x64

microsoftwindows_server_2008Match-itanium

microsoftwindows_server_2008Match-x64

microsoftwindows_vista

microsoftwindows_vistax64

microsoftwindows_vistaMatch-sp1

microsoftwindows_xpsp2

References

archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html

labs.idefense.com/intelligence/vulnerabilities/display.php?id=681

marc.info/?l=bugtraq&m=120845064910729&w=2

secunia.com/advisories/29704

support.microsoft.com/kb/948590

www.kb.cert.org/vuls/id/632963

www.osvdb.org/44213

www.osvdb.org/44214

www.securityfocus.com/archive/1/490584/100/0/threaded

www.securityfocus.com/bid/28571

www.securityfocus.com/bid/30933

www.securitytracker.com/id?1019798

www.us-cert.gov/cas/techalerts/TA08-099A.html

www.vupen.com/english/advisories/2008/1145/references

www.zerodayinitiative.com/advisories/ZDI-08-020/

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021

exchange.xforce.ibmcloud.com/vulnerabilities/41471

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441

www.exploit-db.com/exploits/5442

www.exploit-db.com/exploits/6330

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.656 Medium

EPSS

Percentile

97.9%

JSON

Related for NVD:CVE-2008-1083

prion1 cvelist1 seebug1 zdi1 securityvulns5 checkpoint_advisories1 cve1 cert1 nessus1