9.3

CVE-2008-3015

EPSS 71.54%
Published 11.09.2008 01:11:47
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Digital Image Suite Version2006

Microsoft ≫ Forefront Client Security Version1.0

Microsoft ≫ Office Version2003 Updatesp2

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Editiongold

Microsoft ≫ Office Version2007 Updatesp1

Microsoft ≫ Office Versionxp Updatesp3

Microsoft ≫ Office Powerpoint Viewer Version2003

Microsoft ≫ Report Viewer Version2005 Updatesp1

Microsoft ≫ Report Viewer Version2008

Microsoft ≫ Sql Server Version2005 Updatesp2

Microsoft ≫ Sql Server Reporting Services Version2000 Updatesp2

Microsoft ≫ Visio Version2002 Updatesp2

Microsoft ≫ Works Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	71.54%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://marc.info/?l=bugtraq&m=122235754013992&w=2

http://secunia.com/advisories/32154

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/2520

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2696

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052

http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt

http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt

http://www.securityfocus.com/archive/1/496153/100/0/threaded

http://www.securityfocus.com/bid/31022

http://www.securitytracker.com/id?1020838

http://www.zerodayinitiative.com/advisories/ZDI-08-055

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881

https://www.exploit-db.com/exploits/6619

https://www.exploit-db.com/exploits/6716

https://nvd.nist.gov/vuln/detail/CVE-2008-3015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3015

EUVD