Exploit-CVE2008-1083

Type: Trojan
SubType: Exploit
Discovery Date: 04/10/2008
Length: Varies
Minimum DAT: 5271 (04/10/2008)
Updated DAT: 5271 (04/10/2008)
Minimum Engine: N/A
Description Added: 04/10/2008
Description Modified: 04/22/2008 7:18 PM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low

Characteristics

This is a generic detection for malware that attempts to exploit a heap buffer overflow vulnerability patched by the vendor in MS08-021. The vulnerability lies in how the Microsoft Graphics Device Interface (GDI) component processes integer calculations in maliciously crafted EMF or WMF files.

When successful, the exploit can cause arbitrary code execution, used to install additional malware, or abnormal termination of Windows applications.

More details of this vulnerability and the vendor patch at:

 

Symptoms

When successful, the exploit can cause arbitrary code execution, used to install additional malware, or abnormal termination of Windows applications.

Method of Infection

Maliciously crafted EMF or WMF files can exploit a heap buffer overflow vulnerability that lies in unpatched versions of the Microsoft Graphics Device Interface (GDI) component.

 

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A
