9.3

CVE-2008-3013

EPSS 71.54%
Published 11.09.2008 01:11:47
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Digital Image Suite Version2006

Microsoft ≫ Forefront Client Security Version1.0

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Office Version2003 Updatesp2

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Editiongold

Microsoft ≫ Office Version2007 Updatesp1

Microsoft ≫ Office Versionxp Updatesp3

Microsoft ≫ Powerpoint Viewer Version2003

Microsoft ≫ Report Viewer Version2005 Updatesp1

Microsoft ≫ Report Viewer Version2008

Microsoft ≫ Sql Server Version2005 Updatesp2

Microsoft ≫ Sql Server Reporting Services Version2000 Updatesp2

Microsoft ≫ Visio Version2002 Updatesp2

Microsoft ≫ Works Version8.0

Microsoft ≫ Windows Server 2008 Version-

Microsoft ≫ Windows Vista Updategold

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	71.54%	0.987

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=122235754013992&w=2

http://secunia.com/advisories/32154

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/2520

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2696

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052

http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html

http://www.securityfocus.com/archive/1/496154/100/0/threaded

http://www.securityfocus.com/bid/31020

http://www.securitytracker.com/id?1020836

http://www.zerodayinitiative.com/advisories/ZDI-08-056

http://www.zerodayinitiative.com/advisories/ZDI-08-056/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986

https://nvd.nist.gov/vuln/detail/CVE-2008-3013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3013

EUVD