ID CVE-2008-3015
Summary Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:47)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-06-30T04:11:08.854-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Mike Lah
    organization The MITRE Corporation
  • name Pradeep R B
    organization SecPod Technologies
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Chandan S
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Office XP is installed
    oval oval:org.mitre.oval:def:663
  • comment Microsoft Office 2003 is installed
    oval oval:org.mitre.oval:def:233
  • comment Microsoft Office 2007 is installed
    oval oval:org.mitre.oval:def:1211
  • comment Microsoft Office Visio 2002 SP2 is installed
    oval oval:org.mitre.oval:def:692
  • comment Microsoft PowerPoint Viewer is installed
    oval oval:org.mitre.oval:def:6014
  • comment Microsoft SQL Server 2005 is installed
    oval oval:org.mitre.oval:def:6082
  • comment Microsoft SQL Server 2005 SP2 is installed
    oval oval:org.mitre.oval:def:8397
description Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
family windows
id oval:org.mitre.oval:def:5881
status accepted
submitted 2008-09-09T13:58:00
title GDI+ BMP Integer Overflow Vulnerability
version 29
refmap via4
bid 31022
bugtraq 20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
cert TA08-253A
exploit-db
  • 6619
  • 6716
hp
  • HPSBST02372
  • SSRT080133
misc
ms MS08-052
sectrack 1020838
secunia 32154
vupen
  • ADV-2008-2520
  • ADV-2008-2696
Last major update 12-10-2018 - 21:47
Published 11-09-2008 - 01:11
Back to Top