CVE-2008-3013

Microsoft GDI+ - Remote Code Execution via Malformed GIF Image Parsing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3013. PoCs published by John Smith.

AI-analyzed exploit summary This exploit targets a vulnerability in Gdiplus.dll (CVE-2008-3013) by crafting a malicious GIF file. The PoC generates a GIF with a malformed structure that triggers a buffer overflow, potentially leading to remote code execution.

Description

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by John Smith · perldoswindows
https://www.exploit-db.com/exploits/6716

This exploit targets a vulnerability in Gdiplus.dll (CVE-2008-3013) by crafting a malicious GIF file. The PoC generates a GIF with a malformed structure that triggers a buffer overflow, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft GDI+ (Gdiplus.dll) version 5.1.3102.2180 on Windows XP SP2
No auth needed
Prerequisites: Target system running vulnerable Gdiplus.dll version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32154
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-056
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=122235754013992&w=2
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2696
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020836
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496154/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31020
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-253A.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2520

Scores

EPSS 0.5206
EPSS Percentile 98.8%

Details

CWE
CWE-399
Status published
Products (16)
microsoft/digital_image_suite 2006
microsoft/forefront_client_security 1.0
microsoft/internet_explorer 6 sp1
microsoft/office 2003 sp2 (2 CPE variants)
microsoft/office 2007 (2 CPE variants)
microsoft/office xp sp3
microsoft/powerpoint_viewer 2003
microsoft/report_viewer 2005 sp1
microsoft/report_viewer 2008
microsoft/sql_server 2005 sp2
... and 6 more
Published Sep 11, 2008
Tracked Since Feb 18, 2026