CVE-2008-1087
published 2008-04-08


Priority: P265 · Severity: critical · Score: 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit: available
EPSS: 56.60% (98.9th percentile)
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."

Affected (1 range)

Vendor      Product      Version range   Fixed in
microsoft   windows-nt   (none listed)   (none listed)

Detection & IOCs (extracted from sources)

URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6656.tgz
URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5442.zip
Filename: 2008-Gdi.tgz
Filename: 2008-exploit_08021.zip
  • Exploit targets the EMR_COLORMATCHTOTARGETW record in EMF image files to trigger a stack-based buffer overflow in GDI32.dll via crafted filename parameters.
  • Malicious EMF files crafted to exploit this vulnerability can be detected by scanning for anomalous EMR_COLORMATCHTOTARGETW records with oversized filename parameter fields.
  • On Windows XP SP2, exploitation only causes a crash (DoS) of explorer.exe due to GS cookie protection on the vulnerable function; successful RCE is limited to unpatched Windows 2000 SP4 and XP SP1 targets.
  • Exploit was tested specifically against GDI32.dll version 5.1.2600.1106 (XP SP1); detection and exploitation behaviour may differ on other versions.