Remote Code Execution Vulnerability in GDI+ for Microsoft Products
CVE-2008-3013

Currently unrated

Key Information:

Vendor: Microsoft
Status: Powerpoint Viewer; Forefront Client Security; Digital Image Suite; Windows Xp
Vendor: CVE Published:; 11 September 2008

Summary

The GDI+ component in various Microsoft products, such as older versions of Internet Explorer and Windows, is susceptible to a vulnerability that allows attackers to execute arbitrary code. This occurs when a malformed GIF image file is processed, specifically one that contains numerous graphic control extension markers and unrecognized labels. This parsing failure can enable a potential attacker to compromise system integrity and execute commands without the user's consent.

References

http://secunia.com/advisories/32154

third-party-advisoryx_refsource_SECUNIA

http://www.zerodayinitiative.com/advisories/ZDI-08-056

x_refsource_MISC

http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-...

x_refsource_MISC

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008