CVE-2008-2160 — Code Injection in Microsoft Windows Embedded Compact

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

43.8%

top 2.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Embedded Compact

Timeline

PublishedMay 12

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_embedded_compact5.0

🔴Vulnerability Details

GHSA

GHSA-g4j5-mvhr-vgwr: Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5↗2022-05-01

▶

📄Research Papers

arXiv

Assessing the Effectiveness of Attack Detection at a Hackfest on Industrial Control Systems↗2018-09-13

▶