CVE-2008-1083

HIGH

Microsoft Windows - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-1083. PoCs published by Ac!dDrop, Lamhtz.

AI-analyzed exploit summary This exploit demonstrates a heap overflow in the CreateDIBPatternBrushPt function, causing a denial-of-service (DoS) condition in Windows XP SP2 and Internet Explorer 6. It crashes Explorer.exe and silently closes Internet Explorer.

Description

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Ac!dDrop · textdoswindows
https://www.exploit-db.com/exploits/6330

This exploit demonstrates a heap overflow in the CreateDIBPatternBrushPt function, causing a denial-of-service (DoS) condition in Windows XP SP2 and Internet Explorer 6. It crashes Explorer.exe and silently closes Internet Explorer.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Windows XP SP2 (GDI32.dll 5.1.2600.3099), Internet Explorer 6.0.2900.2180
No auth needed
Prerequisites: Windows XP SP2 with vulnerable GDI32.dll · Internet Explorer 6.0.2900.2180
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Lamhtz · c++localwindows
https://www.exploit-db.com/exploits/5442

This exploit generates a crafted EMF file to trigger a stack overflow in the GDI API (CVE-2008-1083), leading to arbitrary code execution (calc.exe) on Windows 2000 SP4 CHS or a crash on Windows XP SP2. The exploit leverages a vulnerability in the handling of EMF files to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows 2000 SP4 CHS, Windows XP SP2 (GDI API)
No auth needed
Prerequisites: Target system must be unpatched for MS08-021 · Target must open the crafted EMF file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/6656

This exploit targets a stack buffer overflow in the EMR_COLORMATCHTOTARGETW function in GDI32.dll (CVE-2008-1083). It includes payloads for executing a calculator and connecting to a localhost port, demonstrating remote code execution on Windows XP SP1.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows XP SP1 (GDI32.dll 5.1.2600.1106)
No auth needed
Prerequisites: Vulnerable Windows XP SP1 system · Ability to deliver malicious EMF file
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (20)

Core 20
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30933
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/44213
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=120845064910729&w=2
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1145/references
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/948590
Broken Link mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0168.html
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/44214
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-020/
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/632963
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490584/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5442
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6330
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41471
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019798
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5441
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28571
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29704

Scores

CVSS v3 8.1
EPSS 0.5036
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-119 CWE-190
Status published
Products (5)
microsoft/windows_2000
microsoft/windows_2003_server (6 CPE variants)
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_vista (3 CPE variants)
microsoft/windows_xp
Published Apr 08, 2008
Tracked Since Feb 18, 2026