CVE-2008-3015

Microsoft Digital Image Suite - Remote Code Execution via Malformed BMP BitMapInfoHeader

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3015. PoCs published by John Smith.

AI-analyzed exploit summary This exploit targets a vulnerability in Gdiplus.dll (CVE-2008-3013) by crafting a malicious GIF file. The PoC generates a GIF with a malformed structure that triggers a buffer overflow, potentially leading to remote code execution.

Description

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by John Smith · perldoswindows
https://www.exploit-db.com/exploits/6716

This exploit targets a vulnerability in Gdiplus.dll (CVE-2008-3013) by crafting a malicious GIF file. The PoC generates a GIF with a malformed structure that triggers a buffer overflow, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft GDI+ (Gdiplus.dll) version 5.1.3102.2180 on Windows XP SP2
No auth needed
Prerequisites: Target system running vulnerable Gdiplus.dll version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by John Smith · htmldoswindows
https://www.exploit-db.com/exploits/6619

This exploit leverages a vulnerability in GDI+ (CVE-2007-5348) via a malformed VML (Vector Markup Language) object in Internet Explorer. The exploit manipulates the 'focussize' and 'focusposition' properties to trigger a memory corruption issue, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 6.0.2900.2180 with Gdiplus.dll 5.1.3102.2180 on Windows XP SP2
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · Target system must have vulnerable GDI+ and Internet Explorer versions
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32154
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020838
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=122235754013992&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496153/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2696
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6716
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-055
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31022
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6619
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-253A.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2520

Scores

EPSS 0.7154
EPSS Percentile 98.8%

Details

CWE
CWE-189
Status published
Products (12)
microsoft/digital_image_suite 2006
microsoft/forefront_client_security 1.0
microsoft/office 2003 sp2 (2 CPE variants)
microsoft/office 2007 (2 CPE variants)
microsoft/office xp sp3
microsoft/office_powerpoint_viewer 2003
microsoft/report_viewer 2005 sp1
microsoft/report_viewer 2008
microsoft/sql_server 2005 sp2
microsoft/sql_server_reporting_services 2000 sp2
... and 2 more
Published Sep 11, 2008
Tracked Since Feb 18, 2026