Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server Reporting Services 2000 Service Pack 2
Microsoft Visio 2002 Service Pack 2
Microsoft Report Viewer 2008
Microsoft Report Viewer 2005 Service Pack 1
Microsoft Office PowerPoint Viewer 2003 (not an official CPE)
Microsoft Office XP Service Pack 3
Microsoft Office 2007 Gold (not an official CPE)
Microsoft Office 2007 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
Microsoft Forefront Client Security 1.0
Microsoft Digital Image Suite 2006 (not an official CPE)
Microsoft Works 8.0
KB938464 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947736 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947737 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947738 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947739 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947742 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947746 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB947748 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB952241 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB953405 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954326 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954478 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954479 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954593 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954606 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954607 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954609 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954765 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB954766 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB955368 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB955369 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB955370 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB955992 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB956483 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB956500 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB957177 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution
KB975337 | MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution