Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
30 vulnerabilities found for forefront_client_security by microsoft
CVE-2011-0037 (GCVE-0-2011-0037)
Vulnerability from nvd – Published: 2011-02-25 17:00 – Updated: 2024-08-06 21:43
VLAI
Summary
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.microsoft.com/technet/security/advisor… | x_refsource_CONFIRM |
| http://secunia.com/advisories/43468 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/46540 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2011/0486 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1025117 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2011-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/2491888.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0037",
"datePublished": "2011-02-25T17:00:00.000Z",
"dateReserved": "2010-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:43:15.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3126 (GCVE-0-2009-3126)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-08-07 06:14
VLAI
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-3126",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:56.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2528 (GCVE-0-2009-2528)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:15.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2528",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:15.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2504 (GCVE-0-2009-2504)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6282",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6282",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6282",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2504",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2503 (GCVE-0-2009-2503)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2503",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2502 (GCVE-0-2009-2502)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-10-21 16:34
VLAI
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-2502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T16:41:52.863250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:34:33.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2502",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-10-21T16:34:33.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2501 (GCVE-0-2009-2501)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2501",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2500 (GCVE-0-2009-2500)
Vulnerability from nvd – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5967",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5967",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5967",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2500",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3015 (GCVE-0-2008-3015)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "1020838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020838"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
},
{
"name": "6716",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6716"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "31022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31022"
},
{
"name": "oval:org.mitre.oval:def:5881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
},
{
"name": "6619",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6619"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "1020838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020838"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
},
{
"name": "6716",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6716"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "31022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31022"
},
{
"name": "oval:org.mitre.oval:def:5881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
},
{
"name": "6619",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6619"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "1020838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020838"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt",
"refsource": "MISC",
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
},
{
"name": "6716",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6716"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-055",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "31022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31022"
},
{
"name": "oval:org.mitre.oval:def:5881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
},
{
"name": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt",
"refsource": "MISC",
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
},
{
"name": "6619",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6619"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3015",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3014 (GCVE-0-2008-3014)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32154 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisoryx_refsource_HP |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.securityfocus.com/bid/31021 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/2696 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1020837 | vdb-entryx_refsource_SECTRACK |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisoryx_refsource_CERT |
| http://www.vupen.com/english/advisories/2008/2520 | vdb-entryx_refsource_VUPEN |
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "31021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31021"
},
{
"name": "oval:org.mitre.oval:def:6004",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020837"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "31021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31021"
},
{
"name": "oval:org.mitre.oval:def:6004",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020837"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "31021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31021"
},
{
"name": "oval:org.mitre.oval:def:6004",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020837"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3014",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3013 (GCVE-0-2008-3013)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020836"
},
{
"name": "oval:org.mitre.oval:def:5986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
},
{
"name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
},
{
"name": "31020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31020"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020836"
},
{
"name": "oval:org.mitre.oval:def:5986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
},
{
"name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
},
{
"name": "31020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31020"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-056",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
},
{
"name": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html",
"refsource": "MISC",
"url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020836"
},
{
"name": "oval:org.mitre.oval:def:5986",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
},
{
"name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
},
{
"name": "31020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31020"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3013",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3012 (GCVE-0-2008-3012)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32154 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisoryx_refsource_HP |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/2696 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1020835 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/31019 | vdb-entryx_refsource_BID |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisoryx_refsource_CERT |
| http://www.vupen.com/english/advisories/2008/2520 | vdb-entryx_refsource_VUPEN |
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "oval:org.mitre.oval:def:6040",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020835"
},
{
"name": "31019",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31019"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "oval:org.mitre.oval:def:6040",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020835"
},
{
"name": "31019",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31019"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "oval:org.mitre.oval:def:6040",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020835"
},
{
"name": "31019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31019"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3012",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5348 (GCVE-0-2007-5348)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32154 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisoryx_refsource_HP |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.vupen.com/english/advisories/2008/2696 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1020834 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.securityfocus.com/bid/31018 | vdb-entryx_refsource_BID |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisoryx_refsource_CERT |
| http://www.vupen.com/english/advisories/2008/2520 | vdb-entryx_refsource_VUPEN |
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020834",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020834"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6055",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
},
{
"name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
},
{
"name": "31018",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31018"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020834",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020834"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6055",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
},
{
"name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
},
{
"name": "31018",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31018"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-5348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020834"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6055",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
},
{
"name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
},
{
"name": "31018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31018"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-5348",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2007-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1438 (GCVE-0-2008-1438)
Vulnerability from nvd – Published: 2008-05-13 22:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30172 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29073 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1020016 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/1506… | vdb-entryx_refsource_VUPEN |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisoryx_refsource_HP |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2008-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1438",
"datePublished": "2008-05-13T22:00:00.000Z",
"dateReserved": "2008-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1437 (GCVE-0-2008-1437)
Vulnerability from nvd – Published: 2008-05-13 22:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30172 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020016 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/29060 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/1506… | vdb-entryx_refsource_VUPEN |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisoryx_refsource_HP |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2008-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1437",
"datePublished": "2008-05-13T22:00:00.000Z",
"dateReserved": "2008-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0037 (GCVE-0-2011-0037)
Vulnerability from cvelistv5 – Published: 2011-02-25 17:00 – Updated: 2024-08-06 21:43
VLAI
Summary
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.microsoft.com/technet/security/advisor… | x_refsource_CONFIRM |
| http://secunia.com/advisories/43468 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/46540 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2011/0486 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1025117 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2011-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.microsoft.com/technet/security/advisory/2491888.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/2491888.mspx"
},
{
"name": "43468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43468"
},
{
"name": "46540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46540"
},
{
"name": "ADV-2011-0486",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0486"
},
{
"name": "1025117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025117"
},
{
"name": "ms-malware-engine-priv-esc(65626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2011-0037",
"datePublished": "2011-02-25T17:00:00.000Z",
"dateReserved": "2010-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:43:15.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2500 (GCVE-0-2009-2500)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5967",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5967",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5967",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2500",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2503 (GCVE-0-2009-2503)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:6491",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2503",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2502 (GCVE-0-2009-2502)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-10-21 16:34
VLAI
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-2502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T16:41:52.863250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:34:33.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2502",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-10-21T16:34:33.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2528 (GCVE-0-2009-2528)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:15.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6426",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2528",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:15.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2501 (GCVE-0-2009-2501)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:5800",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2501",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3126 (GCVE-0-2009-3126)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-08-07 06:14
VLAI
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6134",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-3126",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:14:56.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2504 (GCVE-0-2009-2504)
Vulnerability from cvelistv5 – Published: 2009-10-14 10:00 – Updated: 2024-08-07 05:52
VLAI
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2009-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6282",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6282",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6282",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2504",
"datePublished": "2009-10-14T10:00:00.000Z",
"dateReserved": "2009-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3014 (GCVE-0-2008-3014)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32154 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisoryx_refsource_HP |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.securityfocus.com/bid/31021 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/2696 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1020837 | vdb-entryx_refsource_SECTRACK |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisoryx_refsource_CERT |
| http://www.vupen.com/english/advisories/2008/2520 | vdb-entryx_refsource_VUPEN |
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "31021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31021"
},
{
"name": "oval:org.mitre.oval:def:6004",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020837"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "31021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31021"
},
{
"name": "oval:org.mitre.oval:def:6004",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020837"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka \"GDI+ WMF Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "31021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31021"
},
{
"name": "oval:org.mitre.oval:def:6004",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020837"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3014",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3013 (GCVE-0-2008-3013)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020836"
},
{
"name": "oval:org.mitre.oval:def:5986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
},
{
"name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
},
{
"name": "31020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31020"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020836"
},
{
"name": "oval:org.mitre.oval:def:5986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
},
{
"name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
},
{
"name": "31020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31020"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka \"GDI+ GIF Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-056",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056"
},
{
"name": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html",
"refsource": "MISC",
"url": "http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-056/"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020836"
},
{
"name": "oval:org.mitre.oval:def:5986",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986"
},
{
"name": "20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496154/100/0/threaded"
},
{
"name": "31020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31020"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3013",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3012 (GCVE-0-2008-3012)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32154 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisoryx_refsource_HP |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/2696 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1020835 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/31019 | vdb-entryx_refsource_BID |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisoryx_refsource_CERT |
| http://www.vupen.com/english/advisories/2008/2520 | vdb-entryx_refsource_VUPEN |
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "oval:org.mitre.oval:def:6040",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020835"
},
{
"name": "31019",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31019"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "oval:org.mitre.oval:def:6040",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020835"
},
{
"name": "31019",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31019"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka \"GDI+ EMF Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "oval:org.mitre.oval:def:6040",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "1020835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020835"
},
{
"name": "31019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31019"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3012",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3015 (GCVE-0-2008-3015)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "1020838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020838"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
},
{
"name": "6716",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6716"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "31022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31022"
},
{
"name": "oval:org.mitre.oval:def:5881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
},
{
"name": "6619",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6619"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "1020838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020838"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
},
{
"name": "6716",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6716"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "31022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31022"
},
{
"name": "oval:org.mitre.oval:def:5881",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
},
{
"name": "6619",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6619"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka \"GDI+ BMP Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "1020838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020838"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496153/100/0/threaded"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt",
"refsource": "MISC",
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt"
},
{
"name": "6716",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6716"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-055",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-055"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "31022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31022"
},
{
"name": "oval:org.mitre.oval:def:5881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881"
},
{
"name": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt",
"refsource": "MISC",
"url": "http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt"
},
{
"name": "6619",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6619"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-3015",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:34.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5348 (GCVE-0-2007-5348)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32154 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=122235754013992&w=2 | vendor-advisoryx_refsource_HP |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.vupen.com/english/advisories/2008/2696 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1020834 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.securityfocus.com/bid/31018 | vdb-entryx_refsource_BID |
| http://www.us-cert.gov/cas/techalerts/TA08-253A.html | third-party-advisoryx_refsource_CERT |
| http://www.vupen.com/english/advisories/2008/2520 | vdb-entryx_refsource_VUPEN |
Date Public
2008-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020834",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020834"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6055",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
},
{
"name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
},
{
"name": "31018",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31018"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "32154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020834",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020834"
},
{
"name": "SSRT080133",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6055",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
},
{
"name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
},
{
"name": "31018",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31018"
},
{
"name": "TA08-253A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-5348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka \"GDI+ VML Buffer Overrun Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32154"
},
{
"name": "HPSBST02372",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "MS08-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052"
},
{
"name": "ADV-2008-2696",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2696"
},
{
"name": "1020834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020834"
},
{
"name": "SSRT080133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:6055",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055"
},
{
"name": "20080909 Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743"
},
{
"name": "31018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31018"
},
{
"name": "TA08-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
},
{
"name": "ADV-2008-2520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-5348",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2007-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1438 (GCVE-0-2008-1438)
Vulnerability from cvelistv5 – Published: 2008-05-13 22:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30172 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29073 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1020016 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/1506… | vdb-entryx_refsource_VUPEN |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisoryx_refsource_HP |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2008-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with \"crafted data structures\" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30172"
},
{
"name": "29073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29073"
},
{
"name": "1020016",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "oval:org.mitre.oval:def:14375",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14375"
},
{
"name": "ADV-2008-1506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1438",
"datePublished": "2008-05-13T22:00:00.000Z",
"dateReserved": "2008-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1437 (GCVE-0-2008-1437)
Vulnerability from cvelistv5 – Published: 2008-05-13 22:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30172 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020016 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/29060 | vdb-entryx_refsource_BID |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2008/1506… | vdb-entryx_refsource_VUPEN |
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | vendor-advisoryx_refsource_HP |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | third-party-advisoryx_refsource_CERT |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
Date Public
2008-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "30172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30172"
},
{
"name": "1020016",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020016"
},
{
"name": "29060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29060"
},
{
"name": "oval:org.mitre.oval:def:13981",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13981"
},
{
"name": "ADV-2008-1506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1506/references"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121129490723574\u0026w=2"
},
{
"name": "MS08-029",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1437",
"datePublished": "2008-05-13T22:00:00.000Z",
"dateReserved": "2008-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}