CVE-2008-3465 — CRITICAL (9.8)

Vulnerability Description

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Windows 2000	All versions
Microsoft	Windows 2003 Server	All versions
Microsoft	Windows Server 2003	All versions
Microsoft	Windows Server 2008	All versions
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2008-3465?

CVE-2008-3465 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a de...

How severe is CVE-2008-3465?

CVE-2008-3465 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2008-3465?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.