High severity8.1NVD Advisory· Published Apr 8, 2008· Updated Apr 23, 2026

CVE-2008-1083

Description

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

Affected products

Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Microsoft/Windows 2003 Server6 versions
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
Microsoft/Windows Server 20082 versions
cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*
Microsoft/Windows Vista3 versions
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Microsoft/Windows Xp
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/29704nvdPatchVendor Advisory
labs.idefense.com/intelligence/vulnerabilities/display.phpnvdThird Party Advisory
support.microsoft.com/kb/948590nvdVendor Advisory
www.securityfocus.com/bid/28571nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/30933nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-08-020/nvdThird Party Advisory
archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.htmlnvdBroken Link
marc.infonvdMailing List
www.kb.cert.org/vuls/id/632963nvdUS Government Resource
www.osvdb.org/44213nvdBroken Link
www.osvdb.org/44214nvdBroken Link
www.us-cert.gov/cas/techalerts/TA08-099A.htmlnvdUS Government Resource
www.vupen.com/english/advisories/2008/1145/referencesnvdBroken Link
www.securityfocus.com/archive/1/490584/100/0/threadednvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021nvd
exchange.xforce.ibmcloud.com/vulnerabilities/41471nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441nvd
www.exploit-db.com/exploits/5442nvd
www.exploit-db.com/exploits/6330nvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.042
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000