Microsoft GDI Remote Code Execution

Notification Type: IBM Internet Security Systems Protection Alert
Notification Date: April 08, 2008
Notification Version: 1.0
   
Name: Microsoft GDI Remote Code Execution
Public disclosure/In the wild date: April 08, 2008 (vuln disclosure)
Aliases: MS08-021
CVE: CVE-2008-1083 and CVE-2008-1087
Description: Microsoft Windows graphic device interface (GDI) is vulnerable to multiple buffer overflows.

 

ISS Coverage

Products: Proventia Network IDS, Proventia Network IPS, Proventia Network MFS, Proventia Server (Linux), RealSecure Network, RealSecure Server Sensor
Content Version: 28.050

Products: Proventia Desktop, Proventia Server IPS (Windows)
Content Version: 2190

Propagation Techniques: remote exploit
ISS Protection: Image_EMF_GDI_Header_Overflow, Image_EMF_GDI_Filename_Overflow
Available: April 8, 2008

Detailed Description

Business Impact: By persuading a victim to open a specially-crafted EMF or WMF file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.3
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete
Adjusted Temporal Score: 6.9
  Exploitability: Unproven
  Remediation Level: Official-Fix
  Report Confidence: Confirmed
Affected Products: For a full list of affected versions, see references below.
Technical Description:

Microsoft Windows graphic device interface (GDI) is vulnerable to heap-based and stack-based buffer overflows, caused by improper bounds checking of EMF and WMF image file headers and of EMF image filename parameters.

Remediation:

Patches are available for this issue. See References for details.

References

XFDB: http://xforce.iss.net/xforce/xfdb/41471
XFDB: http://xforce.iss.net/xforce/xfdb/41472
Microsoft: http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx

Revision History

1.0 Initial publication.

