CVE-2008-2160

Published: May 12, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.

Affected (1)

Products: Microsoft: Windows Embedded Compact

Microsoft

1 product

Windows Embedded Compact

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Embedded Compact	Version 5.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://secunia.com/advisories/30197

Source: cve@mitre.org

Vendor Advisory

http://support.microsoft.com/kb/948812

Source: cve@mitre.org

http://www.securityfocus.com/bid/29147

Source: cve@mitre.org

http://www.securitytracker.com/id?1020007

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1469/references

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/42334

Source: cve@mitre.org

http://secunia.com/advisories/30197