CVE-2008-3014

EPSS 75.59%
Veröffentlicht 11.09.2008 01:11:47
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Digital Image Suite Version2006

Microsoft ≫ Forefront Client Security Version1.0

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Office Version2003 Updatesp2

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Editiongold

Microsoft ≫ Office Version2007 Updatesp1

Microsoft ≫ Office Versionxp Updatesp3

Microsoft ≫ Office Powerpoint Viewer Version2003

Microsoft ≫ Report Viewer Version2005 Updatesp1

Microsoft ≫ Report Viewer Version2008

Microsoft ≫ Server Version2008

Microsoft ≫ Sql Server Version2005 Updatesp2

Microsoft ≫ Sql Server Reporting Services Version2000 Updatesp2

Microsoft ≫ Visio Version2002 Updatesp2

Microsoft ≫ Works Version8.0

Microsoft ≫ Server Version2003 Updatesp1

Microsoft ≫ Server Version2003 Updatesp2

Microsoft ≫ Windows-nt Versionvista Editiongold

Microsoft ≫ Windows-nt Versionxp Updatesp3

Microsoft ≫ Windows Vista Version- Updatesp1

Microsoft ≫ Windows Xp Version- Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	75.59%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=bugtraq&m=122235754013992&w=2

http://secunia.com/advisories/32154

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/2520

http://www.vupen.com/english/advisories/2008/2696

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052

http://www.securityfocus.com/bid/31021

http://www.securitytracker.com/id?1020837

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004

https://nvd.nist.gov/vuln/detail/CVE-2008-3014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3014

EUVD