Vulnerability Report

CVE-2008-1083

Title: Microsoft Windows 2003 Server RCE

Memory Corruption

Proof Of Concept

PoC Available for CVE-2008-1083

CWE Category CWE-190
Published Date Apr 08, 2008
Modified Date Jun 16, 2026
Exploit Status Available
Score 8.1 CVSS v3.1
Exploit Probability (EPSS)
57.10%

Vulnerability Summary

CVE-2008-1083: Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

Impacted Vendors

Reference Links

http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681 http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29704 http://support.microsoft.com/kb/948590 http://www.kb.cert.org/vuls/id/632963 http://www.osvdb.org/44213 http://www.osvdb.org/44214 http://www.securityfocus.com/archive/1/490584/100/0/threaded http://www.securityfocus.com/bid/28571 http://www.securityfocus.com/bid/30933 http://www.securitytracker.com/id?1019798 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1145/references http://www.zerodayinitiative.com/advisories/ZDI-08-020/ https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/41471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441 https://www.exploit-db.com/exploits/5442 https://www.exploit-db.com/exploits/6330 http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681 http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29704 http://support.microsoft.com/kb/948590 http://www.kb.cert.org/vuls/id/632963 http://www.osvdb.org/44213 http://www.osvdb.org/44214 http://www.securityfocus.com/archive/1/490584/100/0/threaded http://www.securityfocus.com/bid/28571 http://www.securityfocus.com/bid/30933 http://www.securitytracker.com/id?1019798 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1145/references http://www.zerodayinitiative.com/advisories/ZDI-08-020/ https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/41471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441 https://www.exploit-db.com/exploits/5442 https://www.exploit-db.com/exploits/6330
CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity HIGH
8.1
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity [email protected]
Severity HIGH
9.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-1083 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/6330
View Code
Exploit-DB https://www.exploit-db.com/exploits/5442
View Code
Exploit-DB https://www.exploit-db.com/exploits/6656
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity HIGH
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.