CVE-2008-3013

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://marc.info/?l=bugtraq&m=122235754013992&w=2
http://marc.info/?l=bugtraq&m=122235754013992&w=2
http://secunia.com/advisories/32154	Vendor Advisory
http://www.securityfocus.com/archive/1/496154/100/0/threaded
http://www.securityfocus.com/bid/31020
http://www.securitytracker.com/id?1020836
http://www.us-cert.gov/cas/techalerts/TA08-253A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/2520	Vendor Advisory
http://www.vupen.com/english/advisories/2008/2696	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-056
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986
http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://marc.info/?l=bugtraq&m=122235754013992&w=2
http://marc.info/?l=bugtraq&m=122235754013992&w=2
http://secunia.com/advisories/32154	Vendor Advisory
http://www.securityfocus.com/archive/1/496154/100/0/threaded
http://www.securityfocus.com/bid/31020
http://www.securitytracker.com/id?1020836
http://www.us-cert.gov/cas/techalerts/TA08-253A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/2520	Vendor Advisory
http://www.vupen.com/english/advisories/2008/2696	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-056
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:digital_image_suite:2006:::::::*
	cpe:2.3:a:microsoft:forefront_client_security:1.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2007::gold:::::
	cpe:2.3:a:microsoft:office:2007:sp1::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:a:microsoft:powerpoint_viewer:2003:::::::*
	cpe:2.3:a:microsoft:report_viewer:2005:sp1::::::
	cpe:2.3:a:microsoft:report_viewer:2008:::::::*
	cpe:2.3:a:microsoft:sql_server:2005:sp2::::::
	cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2::::::
	cpe:2.3:a:microsoft:visio:2002:sp2::::::
	cpe:2.3:a:microsoft:works:8.0:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
	cpe:2.3:o:microsoft:windows_vista::gold::::::*
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

History

21 Nov 2024, 00:48

Type	Values Removed	Values Added
References	~~() http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html -~~	() http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html -
References	~~() http://marc.info/?l=bugtraq&m=122235754013992&w=2 -~~	() http://marc.info/?l=bugtraq&m=122235754013992&w=2 -
References	~~() http://secunia.com/advisories/32154 - Vendor Advisory~~	() http://secunia.com/advisories/32154 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/496154/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/496154/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/31020 -~~	() http://www.securityfocus.com/bid/31020 -
References	~~() http://www.securitytracker.com/id?1020836 -~~	() http://www.securitytracker.com/id?1020836 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA08-253A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA08-253A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2008/2520 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/2520 - Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2008/2696 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/2696 - Vendor Advisory
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-08-056 -~~	() http://www.zerodayinitiative.com/advisories/ZDI-08-056 -
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-08-056/ -~~	() http://www.zerodayinitiative.com/advisories/ZDI-08-056/ -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986 -

Information

Published : 2008-09-11 01:11

Updated : 2024-11-21 00:48

NVD link : CVE-2008-3013

Mitre link : CVE-2008-3013

CVE.ORG link : CVE-2008-3013

JSON object : View

Products Affected

microsoft

works
digital_image_suite
windows_vista
visio
powerpoint_viewer
windows_xp
report_viewer
sql_server
sql_server_reporting_services
windows_server_2008
internet_explorer
office
forefront_client_security

CWE

CWE-399

Resource Management Errors

9.3 /10