Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)

EDB-ID:

5442


Author:

Lamhtz

Type:

local


Platform:

Windows

Date:

2008-04-14


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

/////////////////////////////////////////////////////////////
///Exploit the MS08-021 : Stack Overflow on GDI API
///Author: Lamhtz
///Date: April 14th, 2008
///Usage: <appname.exe> [filename]
///Function: Generate a crafted emf file which could 
///          automatically run calc.exe in Win2kSP4 CHS Version
///			 with MS07-046 patched but no MS08-021 is installed.
///			 In Windows XP SP2, explorer.exe will crashed but
///          calc will not be run.
/////////////////////////////////////////////////////////////

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/5442.zip (2008-exploit_08021.zip)

// milw0rm.com [2008-04-14]