Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0200

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2004-0200
Last Modified 10 Sep 2008 03:25:29
Published 28 Sep 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0200

Summary

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp

Application

  • Microsoft .net Framework 1.0

  • Microsoft Digital Image Pro 7.0

  • Microsoft Digital Image Pro 9

  • Microsoft Digital Image Suite 9

  • Microsoft Excel 2002

  • Microsoft Excel 2003

  • Microsoft Frontpage 2002

  • Microsoft Frontpage 2003

  • Microsoft Greetings 2002

  • Microsoft Infopath 2003

  • Microsoft Office 2003

  • Microsoft Office Xp

  • Microsoft Onenote 2003

  • Microsoft Outlook 2002

  • Microsoft Outlook 2003

  • Microsoft Picture It 2002

  • Microsoft Picture It 7.0

  • Microsoft Picture It 9

  • Microsoft Powerpoint 2002

  • Microsoft Powerpoint 2003

  • Microsoft Producer

  • Microsoft Project 2002

  • Microsoft Project 2003

  • Microsoft Publisher 2002

  • Microsoft Publisher 2003

  • Microsoft Visio 2002

  • Microsoft Visio 2003

  • Microsoft Visual Basic 2002

  • Microsoft Visual Basic 2003

  • Microsoft Visual C%23 2002

  • Microsoft Visual C%23 2003

  • Microsoft Visual C%2b%2b 2002

  • Microsoft Visual C%2b%2b 2003

  • Microsoft Visual J%23 .net 2003

  • Microsoft Visual Studio .net 2002

  • Microsoft Visual Studio .net 2003

  • Microsoft Word 2002

  • Microsoft Word 2003


References

CERT - TA04-260A

CERT-VN - VU#297462

XF - win-jpeg-bo(16304)

MS - MS04-028

BUGTRAQ - 20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow


Last Updated: 27 May 2016 10:38:30