CVE-2008-3012

EPSS 70.56%
Published 11.09.2008 01:11:47
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Digital Image Suite Version2006

Microsoft ≫ Forefront Client Security Version1.0

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Office Version2003 Updatesp2

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Versionxp Updatesp3

Microsoft ≫ Office Powerpoint Viewer Version2003

Microsoft ≫ Report Viewer Version2005 Updatesp1

Microsoft ≫ Report Viewer Version2008

Microsoft ≫ Server Version2008

Microsoft ≫ Sql Server Version2005 Updatesp2

Microsoft ≫ Sql Server Reporting Services Version2000 Updatesp2

Microsoft ≫ Visio Version2002 Updatesp2

Microsoft ≫ Works Version8.0

Microsoft ≫ Office System Updategold

Microsoft ≫ Office System Updatesp1

Microsoft ≫ Windows Version2003_server Updatesp1

Microsoft ≫ Windows Version2003_server Updatesp2

Microsoft ≫ Windows-nt Versionvista Editiongold

Microsoft ≫ Windows-nt Versionxp Updatesp3

Microsoft ≫ Windows Vista Version- Updatesp1

Microsoft ≫ Windows Xp Version- Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	70.56%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=bugtraq&m=122235754013992&w=2

http://secunia.com/advisories/32154

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/2520

http://www.vupen.com/english/advisories/2008/2696

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052

http://www.securityfocus.com/bid/31019

http://www.securitytracker.com/id?1020835

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040

https://nvd.nist.gov/vuln/detail/CVE-2008-3012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3012

EUVD