CVE-2008-1083
published 2008-04-08

Priority: P268, high
CVSS 3.1: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 56.83% (98.9th percentile)

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

Detection & IOCs (extracted from sources)

  • URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6330.rar
  • URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6656.tgz
  • URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5442.zip
  • Look for malformed EMF or WMF image files with crafted headers that trigger an integer overflow in CreateDIBPatternBrushPt, leading to a heap-based buffer overflow in GDI32.dll.
  • Monitor for crashes or silent termination of Explorer.exe and Internet Explorer when processing EMF/WMF files, which may indicate exploitation attempts against CVE-2008-1083.
  • Detect EMF files containing the EMR_COLORMATCHTOTARGETW record type with oversized or malformed data, associated with the second vulnerability in MS08-021.
  • The CreateDIBPatternBrushPt heap overflow PoC (exploit 6330) was noted as a work-in-progress and only demonstrated a crash, not arbitrary code execution, at time of publication.

CVSS provenance

nvd · v3.1 · 8.1 HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C