Описание
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
Ссылки
- Broken Link
- Third Party Advisory
- Mailing List
- PatchVendor Advisory
- Vendor Advisory
- US Government Resource
- Broken Link
- Broken Link
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- US Government Resource
- Broken Link
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.64187
Средний
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-119
CWE-190
Связанные уязвимости
CVSS3: 8.1
github
почти 4 года назад
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
EPSS
Процентиль: 98%
0.64187
Средний
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-119
CWE-190