NVD Vulnerability Detail

CVE-2008-1083

Summary	Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
Summary	Desbordamiento de búfer basado en memoria dinámica en la función CreateDIBPatternBrushPt en GDI en Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista y Server 2008 permite a atacantes remotos ejecutar código arbitrario a través de un archivo de imagen EMF o WMF con una cabezera mal formada que desencadena un desbordamiento de entero, vulnerabilidad también conocida como "GDI Heap Overflow Vulnerability".
Publication Date	April 9, 2008, 8:05 a.m.
Registration Date	Jan. 29, 2021, 1:32 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS3.1 : HIGH
スコア	8.1
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
cpe:2.3:o:microsoft:windows_server_2008:-::itanium:::::
cpe:2.3:o:microsoft:windows_server_2008:-::x64:::::
cpe:2.3:o:microsoft:windows_vista::::::::
cpe:2.3:o:microsoft:windows_vista:::x64:::::*
cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
cpe:2.3:o:microsoft:windows_xp::sp2::::::*

Related information, measures and tools

No	URL	refsource
1	http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html	secure@microsoft.com
2	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681	secure@microsoft.com
3	http://marc.info/?l=bugtraq&m=120845064910729&w=2	secure@microsoft.com
4	http://secunia.com/advisories/29704	secure@microsoft.com
5	http://support.microsoft.com/kb/948590	secure@microsoft.com
6	http://www.kb.cert.org/vuls/id/632963	secure@microsoft.com
7	http://www.osvdb.org/44213	secure@microsoft.com
8	http://www.osvdb.org/44214	secure@microsoft.com
9	http://www.securityfocus.com/archive/1/490584/100/0/threaded	secure@microsoft.com
10	http://www.securityfocus.com/bid/28571	secure@microsoft.com
11	http://www.securityfocus.com/bid/30933	secure@microsoft.com
12	http://www.securitytracker.com/id?1019798	secure@microsoft.com
13	http://www.us-cert.gov/cas/techalerts/TA08-099A.html	secure@microsoft.com
14	http://www.vupen.com/english/advisories/2008/1145/references	secure@microsoft.com
15	http://www.zerodayinitiative.com/advisories/ZDI-08-020/	secure@microsoft.com
16	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021	secure@microsoft.com
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/41471	secure@microsoft.com
18	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441	secure@microsoft.com
19	https://www.exploit-db.com/exploits/5442	secure@microsoft.com
20	https://www.exploit-db.com/exploits/6330	secure@microsoft.com
21	http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html	af854a3a-2127-422b-91ae-364da2661108
22	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681	af854a3a-2127-422b-91ae-364da2661108
23	http://marc.info/?l=bugtraq&m=120845064910729&w=2	af854a3a-2127-422b-91ae-364da2661108
24	http://secunia.com/advisories/29704	af854a3a-2127-422b-91ae-364da2661108
25	http://support.microsoft.com/kb/948590	af854a3a-2127-422b-91ae-364da2661108
26	http://www.kb.cert.org/vuls/id/632963	af854a3a-2127-422b-91ae-364da2661108
27	http://www.osvdb.org/44213	af854a3a-2127-422b-91ae-364da2661108
28	http://www.osvdb.org/44214	af854a3a-2127-422b-91ae-364da2661108
29	http://www.securityfocus.com/archive/1/490584/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
30	http://www.securityfocus.com/bid/28571	af854a3a-2127-422b-91ae-364da2661108
31	http://www.securityfocus.com/bid/30933	af854a3a-2127-422b-91ae-364da2661108
32	http://www.securitytracker.com/id?1019798	af854a3a-2127-422b-91ae-364da2661108
33	http://www.us-cert.gov/cas/techalerts/TA08-099A.html	af854a3a-2127-422b-91ae-364da2661108
34	http://www.vupen.com/english/advisories/2008/1145/references	af854a3a-2127-422b-91ae-364da2661108
35	http://www.zerodayinitiative.com/advisories/ZDI-08-020/	af854a3a-2127-422b-91ae-364da2661108
36	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021	af854a3a-2127-422b-91ae-364da2661108
37	https://exchange.xforce.ibmcloud.com/vulnerabilities/41471	af854a3a-2127-422b-91ae-364da2661108
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441	af854a3a-2127-422b-91ae-364da2661108
39	https://www.exploit-db.com/exploits/5442	af854a3a-2127-422b-91ae-364da2661108
40	https://www.exploit-db.com/exploits/6330	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html
2	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
cpe:2.3:o:microsoft:windows_server_2008:-::itanium:::::
cpe:2.3:o:microsoft:windows_server_2008:-::x64:::::
cpe:2.3:o:microsoft:windows_vista::::::::
cpe:2.3:o:microsoft:windows_vista:::x64:::::*
cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
cpe:2.3:o:microsoft:windows_xp::sp2::::::*