Vulnerabilities > CVE-2008-4327 - Numeric Errors vulnerability in Microsoft Windows XP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | MS Windows GDI+ (.ico File) Remote Division By Zero Exploit. CVE-2008-4327. Dos exploit for windows platform |
| file | exploits/windows/dos/6588.txt |
| id | EDB-ID:6588 |
| last seen | 2016-02-01 |
| modified | 2008-09-26 |
| platform | windows |
| port | |
| published | 2008-09-26 |
| reporter | laurent gaffié |
| source | https://www.exploit-db.com/download/6588/ |
| title | Microsoft Windows GDI+ - .ico Remote Division By Zero Exploit |
| type | dos |