9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
97.7%
Added: 04/09/2008
CVE: CVE-2008-1087
BID: 28570
OSVDB: 44215
The Windows Graphics Device Interface (GDI) interacts with graphics device drivers on behalf of applications.
A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file containing a specially crafted filename parameter.
Apply the security update referenced in Microsoft Security Bulletin 08-021.
<http://www.microsoft.com/technet/security/bulletin/MS08-021.mspx>
Exploit works on Windows 2000 and requires a user to load the exploit page in Internet Explorer 6.
Windows 2000