ID CVE-2007-5348
Summary Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
Vulnerable Configurations
  • cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:server:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:office_system:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:office_system:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:2003_server:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows-nt:vista:*:gold:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-06-30T04:11:14.006-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Todd Dolinsky
    organization Hewlett-Packard
  • name Mike Lah
    organization The MITRE Corporation
  • name Mike Lah
    organization The MITRE Corporation
  • name Pradeep R B
    organization SecPod Technologies
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Shane Shaffer
    organization G2, Inc.
  • name Sharath S
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Office XP is installed
    oval oval:org.mitre.oval:def:663
  • comment Microsoft Office 2003 is installed
    oval oval:org.mitre.oval:def:233
  • comment Microsoft Office 2007 is installed
    oval oval:org.mitre.oval:def:1211
  • comment Microsoft Office Visio 2002 SP2 is installed
    oval oval:org.mitre.oval:def:692
  • comment Microsoft PowerPoint Viewer is installed
    oval oval:org.mitre.oval:def:6014
  • comment Microsoft SQL Server 2005 is installed
    oval oval:org.mitre.oval:def:6082
  • comment Microsoft SQL Server 2005 SP2 is installed
    oval oval:org.mitre.oval:def:8397
description Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
family windows
id oval:org.mitre.oval:def:6055
status accepted
submitted 2008-09-09T13:58:00
title GDI+ VML Buffer Overrun Vulnerability
version 69
refmap via4
bid 31018
cert TA08-253A
hp
  • HPSBST02372
  • SSRT080133
idefense 20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability
sectrack 1020834
secunia 32154
vupen
  • ADV-2008-2520
  • ADV-2008-2696
Last major update 30-10-2018 - 16:25
Published 11-09-2008 - 01:01
Last modified 30-10-2018 - 16:25