Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Service Pack 2
Microsoft Windows vista Gold (not an official CPE)
Microsoft Windows xp Pro x64 (not an official CPE)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 1 x64 (64-bit)
Microsoft Windows Vista x64 (64-bit)
Microsoft Windows Server 2008 x64 (64-bit)
Microsoft Windows server 2008 X32 (not an official CPE)
Microsoft Windows server 2003 X64 (not an official CPE)
Microsoft Windows Server 2008 Itanium
Microsoft Windows server 2003 Sp1 Itanium (not an official CPE)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows 2003 Server Service Pack 2 x64 (64-bit)
Microsoft Windows 2003 Server Service Pack 2
Microsoft Windows xp Sp2 Pro x64 (not an official CPE)
Microsoft Windows 2003 Server Service Pack 1
Microsoft Windows 2000 Service Pack 4
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| MS08-071 | |||
| 1021365 | |||
| ADV-2008-3383 | |||
| TA08-344A | |||
| 20081209 Microsoft Windows Graphics Device Interface Int... |