2009-10-14 12:30:01 2018-10-12 23:51:51

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
Microsoft Word viewer 2003 Sp3 (not an official CPE) Microsoft Works 8.5 Microsoft Word Viewer 2003 Microsoft Visual Studio .NET 2005 SP1 Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual studio 2008 (not an official CPE) Microsoft Visual Studio 2008 Service Pack 1 Microsoft Visual FoxPro 9.0 Service Pack 2 Microsoft Visual FoxPro 8.0 Service Pack 1 Microsoft Visio 2002 Service Pack 2 Microsoft SQL Server Reporting Services 2000 Service Pack 2 Microsoft SQL Server 2005 Service Pack 3 64-bit (X64) Microsoft SQL Server 2005 Service Pack 3 Itanium Microsoft SQL Server 2005 Service Pack 3 Microsoft Sql server 2005 Sp2 X64 (not an official CPE) Microsoft Sql server 2005 Sp2 Itanium (not an official CPE) Microsoft SQL Server 2005 Service Pack 2 Microsoft Report viewer 2008 Sp1 Redistributable package (not an official CPE) Microsoft Report viewer 2008 Redistributable package (not an official CPE) Microsoft Report viewer 2005 Sp1 Redistributable package (not an official CPE) Microsoft Project 2002 sp1 Microsoft Platform sdk Redistrutable gdi+ (not an official CPE) Microsoft Office Word Viewer Microsoft Office powerpoint viewer 2007 Sp2 (not an official CPE) Microsoft Office powerpoint viewer (not an official CPE) Microsoft Office powerpoint viewer 2007 Sp1 (not an official CPE) Microsoft Office groove 2007 Sp1 (not an official CPE) Microsoft Office groove 2007 (not an official CPE) Microsoft Office excel viewer (not an official CPE) Microsoft Office compatibility pack 2007 Sp1 (not an official CPE) Microsoft Office Compatibility Pack 2007 Service Pack 2 Microsoft Office XP Microsoft Office 2007 Service Pack 1 Microsoft Office 2007 Service Pack 2 Microsoft Office 2003 Service Pack 3 Microsoft Internet Explorer 6 SP1 Microsoft Forefront Client Security 1.0 Microsoft Expression Web 2 Microsoft Expression Web Microsoft Excel viewer 2003 Sp3 (not an official CPE) Microsoft Excel Viewer 2003 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework Version 1.1 Service Pack 1
Advisory Patch Confirmed Link
MS09-062
TA09-286A
KB958869 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB970892 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB970894 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB970895 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB970896 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB970899 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971022 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971023 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971104 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971105 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971108 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971110 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971111 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971117 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971118 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB971119 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB972221 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB972222 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB972580 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB972581 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB973636 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB974811 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB975337 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB975365 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution KB975962 | MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution