CVE-2008-1083

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 2000 SP4 through Server 2008

Description A heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow. This issue could allow remote code execution if a user opens a specially crafted EMF or WMF image file, potentially giving an attacker complete control of an affected system.

Recommendations For Microsoft Windows versions 2000 SP4 through Server 2008, consider restricting access to EMF and WMF image files until a patch is available. As a temporary workaround, avoid using the CreateDIBPatternBrushPt function until a fix is provided. Restrict user privileges to minimize the risk of exploitation.