This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2009-10-14
Product Sql Server Last view 2011-06-16
Version 2005 Type Application
Update sp3  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:sql_server

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2011-06-16 CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
9.3 2009-10-14 CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
9.3 2009-10-14 CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
9.3 2009-10-14 CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
9.3 2009-10-14 CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
9.3 2009-10-14 CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
9.3 2009-10-14 CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
9.3 2009-10-14 CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."

CWE : Common Weakness Enumeration

%idName
37% (3) CWE-189 Numeric Errors
25% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
12% (1) CWE-200 Information Exposure

SAINT Exploits

Description Link
Microsoft Office Art Property Table Memory Corruption More info here

Open Source Vulnerability Database (OSVDB)

id Description
72934 Microsoft XML Editor External Entities Resolution Unspecified Information Dis...
58869 Microsoft Office Malformed Object Handling Memory Corruption Arbitrary Code E...
58868 Microsoft Multiple Products GDI+ PNG Image Handling Integer Overflow
58867 Microsoft Multiple Products GDI+ .NET API Code Execution Privilege Escalation
58866 Microsoft Multiple Products GDI+ TIFF Image Handling Memory Corruption Arbitr...
58865 Microsoft Multiple Products GDI+ TIFF Image Handling Overflow
58864 Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow
58863 Microsoft Multiple Products GDI+ WMF Image Handling Overflow

OpenVAS Exploits

id Description
2011-06-21 Name : Microsoft XML Editor Information Disclosure Vulnerability (2543893)
File : nvt/secpod_ms11-049.nasl
2009-10-21 Name : Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
File : nvt/secpod_ms09-062.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-B-0064 Microsoft XML Editor Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0028601
2009-A-0099 Multiple Vulnerabilities in Microsoft GDI+
Severity: Category I - VMSKEY: V0021759

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Microsoft Multiple Products malformed PNG detected tEXt overflow attempt
RuleID : 6700 - Type : FILE-IMAGE - Revision : 20
2019-08-27 Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt
RuleID : 50798 - Type : FILE-IMAGE - Revision : 1
2016-03-14 Microsoft Windows malformed WMF meta escape record memory corruption attempt
RuleID : 36856 - Type : FILE-IMAGE - Revision : 2
2015-03-19 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 33518 - Type : FILE-IMAGE - Revision : 3
2015-03-19 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 33517 - Type : FILE-IMAGE - Revision : 3
2015-03-19 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 33516 - Type : FILE-IMAGE - Revision : 3
2015-03-19 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 33515 - Type : FILE-IMAGE - Revision : 3
2015-01-15 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 32833 - Type : FILE-IMAGE - Revision : 2
2015-01-15 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 32832 - Type : FILE-IMAGE - Revision : 2
2015-01-15 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 32831 - Type : FILE-IMAGE - Revision : 2
2015-01-15 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 32830 - Type : FILE-IMAGE - Revision : 2
2015-01-15 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 32829 - Type : FILE-IMAGE - Revision : 2
2015-01-15 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 32828 - Type : FILE-IMAGE - Revision : 2
2014-01-10 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 23590 - Type : FILE-IMAGE - Revision : 7
2014-01-10 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 23589 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Microsoft Office Excel GDI+ Office Art Property Table remote code execution a...
RuleID : 23541 - Type : FILE-OFFICE - Revision : 4
2014-01-10 Microsoft Office Word GDI+ Office Art Property Table remote code execution at...
RuleID : 23540 - Type : FILE-OFFICE - Revision : 4
2014-01-10 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 21160 - Type : FILE-IMAGE - Revision : 9
2014-01-10 Microsoft Visual Studio information disclosure attempt
RuleID : 19234 - Type : OS-WINDOWS - Revision : 7
2014-01-10 Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt
RuleID : 16327 - Type : OS-WINDOWS - Revision : 8
2014-01-10 Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt
RuleID : 16186 - Type : FILE-IMAGE - Revision : 12
2014-01-10 Microsoft Windows GDI+ compressed TIFF file parsing remote code execution att...
RuleID : 16185 - Type : OS-WINDOWS - Revision : 8
2014-01-10 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 16184 - Type : FILE-IMAGE - Revision : 16
2014-01-10 Microsoft Office Excel GDI+ Office Art Property Table remote code execution a...
RuleID : 16178 - Type : FILE-OFFICE - Revision : 12
2014-01-10 Microsoft Office Word GDI+ Office Art Property Table remote code execution at...
RuleID : 16177 - Type : FILE-OFFICE - Revision : 12

Nessus® Vulnerability Scanner

id Description
2014-03-10 Name: An application on the remote Windows host has an information disclosure vulne...
File: smb_kb2543893.nasl - Type: ACT_GATHER_INFO
2014-03-10 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_kb957488.nasl - Type: ACT_GATHER_INFO
2011-06-15 Name: An application on the remote Windows host has an information disclosure vulne...
File: smb_nt_ms11-049.nasl - Type: ACT_GATHER_INFO
2009-10-15 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_nt_ms09-062.nasl - Type: ACT_GATHER_INFO