Vulnerabilities > CVE-2008-4327 - Numeric Errors vulnerability in Microsoft Windows XP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | MS Windows GDI+ (.ico File) Remote Division By Zero Exploit. CVE-2008-4327. Dos exploit for windows platform |
file | exploits/windows/dos/6588.txt |
id | EDB-ID:6588 |
last seen | 2016-02-01 |
modified | 2008-09-26 |
platform | windows |
port | |
published | 2008-09-26 |
reporter | laurent gaffié |
source | https://www.exploit-db.com/download/6588/ |
title | Microsoft Windows GDI+ - .ico Remote Division By Zero Exploit |
type | dos |