CVE ID | CVE-2008-1083 |
CVSS SCORE | |
AFFECTED VENDORS |
Microsoft |
AFFECTED PRODUCTS |
Windows XP SP2, Windows 2003 SP1, Windows Vista, Windows 2000 SP4 |
VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw exists within the parsing of malformed WMF files, in the GDI function CreateDIBPatternBrushPt used when processing them. Due to a miscalculation involving user-supplied data, a heap chunk can be under-allocated and later used, resulting in a heap overflow. Successful exploitation can result in system compromise under the credentials of the currently logged-in user. |
ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx |
DISCLOSURE TIMELINE |
|
CREDIT | Sebastian Apelt (webmaster@buzzworld.org) |
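
The under-allocation described under VULNERABILITY DETAILS belongs to the class of bugs where a buffer size is derived from file-controlled header fields. As an added example (not Microsoft's GDI code, and not the specific miscalculation behind this CVE, which the advisory does not describe), this C sketch shows a checked size computation for an uncompressed packed DIB, the structure CreateDIBPatternBrushPt takes, done before any allocation or copy. The names `dib_header`, `packed_dib_size` and `check_sample` are hypothetical, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* BITMAPINFOHEADER, 40 bytes, no padding. On disk it is little-endian;
   this added example assumes a little-endian host. */
typedef struct {
    uint32_t biSize; int32_t biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} dib_header;

/* Bytes an uncompressed packed DIB needs, or -1 if the header is malformed
   or claims more than the len bytes actually supplied. All arithmetic is
   64-bit and bounded step by step, so it cannot wrap. */
int64_t packed_dib_size(const uint8_t *buf, size_t len)
{
    dib_header h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.biSize != sizeof h || h.biPlanes != 1 || h.biCompression != 0) return -1;
    if (h.biWidth <= 0 || h.biHeight == 0 || h.biHeight == INT32_MIN) return -1;
    uint16_t bpp = h.biBitCount;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;

    uint64_t max_colors = bpp <= 8 ? (1u << bpp) : 0;
    uint64_t colors = h.biClrUsed ? h.biClrUsed : max_colors;
    if (bpp <= 8 && colors > max_colors) return -1;

    uint64_t rows = h.biHeight < 0 ? (uint64_t)(-(int64_t)h.biHeight) : (uint64_t)h.biHeight;
    uint64_t stride = (((uint64_t)h.biWidth * bpp + 31) / 32) * 4; /* DWORD-aligned rows */
    uint64_t left = len - sizeof h;
    if (colors * 4 > left) return -1;       /* colour table must fit */
    left -= colors * 4;
    if (stride * rows > left) return -1;    /* pixel data must fit */
    return (int64_t)(sizeof h + colors * 4 + stride * rows);
}

/* Builds a constructed header in a zeroed buffer and validates it against len. */
int64_t check_sample(int32_t w, int32_t hgt, uint16_t bpp, size_t len)
{
    static uint8_t buf[2048];
    dib_header h = { sizeof h, w, hgt, 1, bpp, 0, 0, 0, 0, 0, 0 };
    memset(buf, 0, sizeof buf);
    memcpy(buf, &h, sizeof h);
    return packed_dib_size(buf, len <= sizeof buf ? len : sizeof buf);
}
```

A width such as 0x40000001 at 32 bpp is the case to watch: in 32-bit arithmetic the row size wraps to 4 bytes, while the 64-bit computation above rejects the header because the claimed pixel data exceeds the supplied buffer.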