Microsoft GDI WMF Parsing Heap Overflow Vulnerability (MS08-021)
9 Apr. 2008
Summary
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page.
Vulnerable Systems:
* Microsoft Windows XP SP2
* Microsoft Windows 2003 SP1
* Microsoft Windows Vista
The specific flaw exists within the parsing of malformed WMF files. A vulnerability exists in the GDI funcion CreateDIBPatternBrushPt used when processing WMF files. Due to a mis-calculation of user data a heap chunk can be under-allocated and later used resulting in a heap overflow. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
