Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2009-2502
Last Modified 21 Aug 2010 01:33:59
Published 14 Oct 2009 06:30:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2502

Summary

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows XP

Application

  • Microsoft .NET Framework 1.1

  • Microsoft .NET Framework 2.0

  • Microsoft Excel Viewer 2003

  • Microsoft Expression Web

  • Microsoft Expression Web 2

  • Microsoft Forefront Client Security 1.0

  • Microsoft Internet Explorer 6

  • Microsoft Office 2003

  • Microsoft Office 2007

  • Microsoft Office Compatibility Pack 2007

  • Microsoft Office Excel Viewer

  • Microsoft Office Groove 2007

  • Microsoft Office PowerPoint Viewer

  • Microsoft Office PowerPoint Viewer 2007

  • Microsoft Office Word Viewer

  • Microsoft Office XP

  • Microsoft Platform SDK

  • Microsoft Project 2002

  • Microsoft Report Viewer 2005

  • Microsoft Report Viewer 2008

  • Microsoft SQL Server 2005

  • Microsoft SQL Server Reporting Services 2000

  • Microsoft Visio 2002

  • Microsoft Visual FoxPro 8.0

  • Microsoft Visual FoxPro 9.0

  • Microsoft Visual Studio .NET 2003

  • Microsoft Visual Studio .NET 2005

  • Microsoft Visual Studio 2008

  • Microsoft Word Viewer 2003

  • Microsoft Works 8.5


References

CERT - TA09-286A

MS - MS09-062

Related Patches

MS09-062 957488 972222 Security Update for Microsoft Visual Studio 2008 SP1 (All Languages)

MS09-062 Security Update for Report Viewer Redistributable 2008 (KB971118)

MS09-062 Security Update for Report Viewer Redistributable 2008 Service Pack 1 (KB971119)


Last Updated: 27 May 2016 10:50:56