Lucene search

SAINT CorporationSAINT:6525BDDC63D33E78EDB9B62CF667AFAA

HistoryApr 09, 2008 - 12:00 a.m.

Windows GDI EMF filename buffer overflow

2008-04-0900:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.713 High

EPSS

Percentile

97.7%

JSON

Added: 04/09/2008
CVE: CVE-2008-1087
BID: 28570
OSVDB: 44215

Background

The Windows Graphics Device Interface (GDI) interacts with graphics device drivers on behalf of applications.

Problem

A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file containing a specially crafted filename parameter.

Resolution

Apply the security update referenced in Microsoft Security Bulletin 08-021.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-021.mspx>

Limitations

Exploit works on Windows 2000 and requires a user to load the exploit page in Internet Explorer 6.

Platforms

Windows 2000

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.713 High

EPSS

Percentile

97.7%

JSON

Related for SAINT:6525BDDC63D33E78EDB9B62CF667AFAA