CVE-2008-1083
Title: Microsoft Windows 2003 Server RCE
Memory Corruption
Proof Of Concept
PoC Available for CVE-2008-1083
CWE Category
CWE-190
Published Date
Apr 08, 2008
Modified Date
Jun 16, 2026
Exploit Status
Available
Score
8.1
CVSS v3.1
Exploit Probability (EPSS)
57.10%
Vulnerability Summary
CVE-2008-1083: Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
Impacted Vendors
Reference Links
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681
http://marc.info/?l=bugtraq&m=120845064910729&w=2
http://secunia.com/advisories/29704
http://support.microsoft.com/kb/948590
http://www.kb.cert.org/vuls/id/632963
http://www.osvdb.org/44213
http://www.osvdb.org/44214
http://www.securityfocus.com/archive/1/490584/100/0/threaded
http://www.securityfocus.com/bid/28571
http://www.securityfocus.com/bid/30933
http://www.securitytracker.com/id?1019798
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
http://www.vupen.com/english/advisories/2008/1145/references
http://www.zerodayinitiative.com/advisories/ZDI-08-020/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021
https://exchange.xforce.ibmcloud.com/vulnerabilities/41471
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441
https://www.exploit-db.com/exploits/5442
https://www.exploit-db.com/exploits/6330
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681
http://marc.info/?l=bugtraq&m=120845064910729&w=2
http://secunia.com/advisories/29704
http://support.microsoft.com/kb/948590
http://www.kb.cert.org/vuls/id/632963
http://www.osvdb.org/44213
http://www.osvdb.org/44214
http://www.securityfocus.com/archive/1/490584/100/0/threaded
http://www.securityfocus.com/bid/28571
http://www.securityfocus.com/bid/30933
http://www.securitytracker.com/id?1019798
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
http://www.vupen.com/english/advisories/2008/1145/references
http://www.zerodayinitiative.com/advisories/ZDI-08-020/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021
https://exchange.xforce.ibmcloud.com/vulnerabilities/41471
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441
https://www.exploit-db.com/exploits/5442
https://www.exploit-db.com/exploits/6330
CVSS v3.1
Source Entity
134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity
HIGH
8.1
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
9.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2008-1083 Exploits & PoCs (Proof Of Concept)
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Stack
No specific products linked.