CVE-2009-2501

EPSS 51.68%
Veröffentlicht 14.10.2009 10:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium

Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Editionitanium

Microsoft ≫ Windows Server 2008 Editionx32

Microsoft ≫ Windows Server 2008 Editionx64

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista Editionx64

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp3

Microsoft ≫ .Net Framework Version1.1 Updatesp1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ .Net Framework Version2.0 Updatesp1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ .Net Framework Version2.0 Updatesp2

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Report Viewer Version2005 Updatesp1 Editionredistributable_package

Microsoft ≫ Report Viewer Version2008 Editionredistributable_package

Microsoft ≫ Report Viewer Version2008 Updatesp1 Editionredistributable_package

Microsoft ≫ Sql Server Version2005 Updatesp2

Microsoft ≫ Sql Server Version2005 Updatesp2 Editionitanium

Microsoft ≫ Sql Server Version2005 Updatesp2 Editionx64

Microsoft ≫ Sql Server Version2005 Updatesp3

Microsoft ≫ Sql Server Version2005 Updatesp3 Editionitanium

Microsoft ≫ Sql Server Version2005 Updatesp3 Editionx64

Microsoft ≫ Sql Server Reporting Services Version2000 Updatesp2

Microsoft ≫ Excel Viewer Version2003

Microsoft ≫ Excel Viewer Version2003 Updatesp3

Microsoft ≫ Expression Web

Microsoft ≫ Expression Web Version2

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Updatesp1

Microsoft ≫ Office Version2007 Updatesp2

Microsoft ≫ Office Versionxp

Microsoft ≫ Office Compatibility Pack Version2007 Updatesp1

Microsoft ≫ Office Compatibility Pack Version2007 Updatesp2

Microsoft ≫ Office Excel Viewer

Microsoft ≫ Office Groove Version2007

Microsoft ≫ Office Groove Version2007 Updatesp1

Microsoft ≫ Office Powerpoint Viewer

Microsoft ≫ Office Powerpoint Viewer Version2007 Updatesp1

Microsoft ≫ Office Powerpoint Viewer Version2007 Updatesp2

Microsoft ≫ Office Word Viewer

Microsoft ≫ Project Version2002 Updatesp1

Microsoft ≫ Visio Version2002 Updatesp2

Microsoft ≫ Word Viewer Version2003

Microsoft ≫ Word Viewer Version2003 Updatesp3

Microsoft ≫ Works Version8.5

Microsoft ≫ Report Viewer Version2005 Updatesp1 Editionredistributable_package

Microsoft ≫ Report Viewer Version2008 Editionredistributable_package

Microsoft ≫ Report Viewer Version2008 Updatesp1 Editionredistributable_package

Microsoft ≫ Visual Studio Version2008

Microsoft ≫ Visual Studio Version2008 Updatesp1

Microsoft ≫ Visual Studio .Net Version2003 Updatesp1

Microsoft ≫ Visual Studio .Net Version2005 Updatesp1

Microsoft ≫ Forefront Client Security Version1.0

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Visual Foxpro Version8.0 Updatesp1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Visual Foxpro Version9.0 Updatesp2

Microsoft ≫ Windows 2000 Updatesp4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	51.68%	0.978

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800

https://nvd.nist.gov/vuln/detail/CVE-2009-2501

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2501

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2501

EUVD