Signature Detail

HTTP: Microsoft Windows GDI Metafile Image Handling Heap Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft Windows GDI Metafile Handler. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file. A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

Affected Products

• Hp storage_management_appliance 2.1
• Microsoft windows_2000_advanced_server SP4
• Microsoft windows_2000_datacenter_server SP4
• Microsoft windows_2000_professional SP4
• Microsoft windows_2000_server SP4
• Microsoft windows_server_2003 SP1
• Microsoft windows_server_2003 SP2
• Microsoft windows_server_2003_datacenter_edition SP1
• Microsoft windows_server_2003_datacenter_edition_itanium SP1
• Microsoft windows_server_2003_datacenter_x64_edition SP2
• Microsoft windows_server_2003_enterprise_edition SP1
• Microsoft windows_server_2003_enterprise_edition_itanium SP1
• Microsoft windows_server_2003_enterprise_x64_edition SP2
• Microsoft windows_server_2003_itanium SP1
• Microsoft windows_server_2003_itanium SP2
• Microsoft windows_server_2003_standard_edition SP1
• Microsoft windows_server_2003_standard_edition SP2
• Microsoft windows_server_2003_web_edition SP1
• Microsoft windows_server_2003_web_edition SP2
• Microsoft windows_server_2003_x64 SP2
• Microsoft windows_server_2008_datacenter_edition
• Microsoft windows_server_2008_enterprise_edition
• Microsoft windows_server_2008_standard_edition
• Microsoft windows_vista Business
• Microsoft windows_vista Business SP1
• Microsoft windows_vista Enterprise
• Microsoft windows_vista Enterprise SP1
• Microsoft windows_vista Home Basic
• Microsoft windows_vista Home Basic SP1
• Microsoft windows_vista Home Premium
• Microsoft windows_vista Home Premium SP1
• Microsoft windows_vista SP1
• Microsoft windows_vista Ultimate
• Microsoft windows_vista Ultimate SP1
• Microsoft windows_vista
• Microsoft windows_vista_business_64-bit_edition SP1
• Microsoft windows_vista_business_64-bit_edition
• Microsoft windows_vista_enterprise_64-bit_edition SP1
• Microsoft windows_vista_enterprise_64-bit_edition
• Microsoft windows_vista_home_basic_64-bit_edition SP1
• Microsoft windows_vista_home_basic_64-bit_edition
• Microsoft windows_vista_home_premium_64-bit_edition SP1
• Microsoft windows_vista_home_premium_64-bit_edition
• Microsoft windows_vista_ultimate_64-bit_edition SP1
• Microsoft windows_vista_ultimate_64-bit_edition
• Microsoft windows_xp_home SP2
• Microsoft windows_xp_media_center_edition SP2
• Microsoft windows_xp_professional SP2
• Microsoft windows_xp_professional_x64_edition SP2
• Microsoft windows_xp_tablet_pc_edition SP2
• Nortel_networks callpilot 1002Rp
• Nortel_networks callpilot 200I
• Nortel_networks callpilot 201I
• Nortel_networks callpilot 702T
• Nortel_networks callpilot 703T
• Research_in_motion blackberry_enterprise_server 4.0.3
• Research_in_motion blackberry_enterprise_server 4.0 SP3
• Research_in_motion blackberry_enterprise_server 4.1.3
• Research_in_motion blackberry_enterprise_server 4.1.4
• Research_in_motion blackberry_enterprise_server 4.1.5
• Research_in_motion blackberry_enterprise_server 4.1.6
• Research_in_motion blackberry_professional_software 4.1.4
• Research_in_motion blackberry_unite! 1.0
• Research_in_motion blackberry_unite! 1.0.1
• Research_in_motion blackberry_unite! 1.0.1 Bundle 36

References

• BugTraq: 28571
• BugTraq: 28570
• CVE: CVE-2008-1083
• CVE: CVE-2008-1087