High severity8.1NVD Advisory· Published Apr 8, 2008· Updated Jun 16, 2026
CVE-2008-1083
CVE-2008-1083
Description
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
- (no CPE)range: 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Server 2008
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
20- secunia.com/advisories/29704nvdPatchVendor Advisory
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvdThird Party Advisory
- support.microsoft.com/kb/948590nvdVendor Advisory
- www.securityfocus.com/bid/28571nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/30933nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-08-020/nvdThird Party Advisory
- archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.htmlnvdBroken Link
- marc.infonvdMailing List
- www.kb.cert.org/vuls/id/632963nvdUS Government Resource
- www.osvdb.org/44213nvdBroken Link
- www.osvdb.org/44214nvdBroken Link
- www.us-cert.gov/cas/techalerts/TA08-099A.htmlnvdUS Government Resource
- www.vupen.com/english/advisories/2008/1145/referencesnvdBroken Link
- www.securityfocus.com/archive/1/490584/100/0/threadednvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/41471nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441nvd
- www.exploit-db.com/exploits/5442nvd
- www.exploit-db.com/exploits/6330nvd
News mentions
0No linked articles in our index yet.