9.3 - MS04-028

Executive Summary

Informations
Name	MS04-028	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1105

Oval ID:	oval:org.mitre.oval:def:1105
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Server 2003)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	2
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	GDI+
Definition Synopsis:
64-bit XP or Server 2003 is installed 64-bit XP is installed Windows XP is installed AND 64-Bit (x64 architecture) version of Windows is installed AND Windows Server 2003 is installed AND the version of sxs.dll is less than 5.2.3790.121

Definition Id: oval:org.mitre.oval:def:1721

Oval ID:	oval:org.mitre.oval:def:1721
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	6
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Visual Studio .NET 2003
Definition Synopsis:
Microsoft Visual Studio .NET 2003 Installed AND the version of Gdiplus.dll for Visual Studio .NET is less than 5.1.3102.1355

Definition Id: oval:org.mitre.oval:def:2706

Oval ID:	oval:org.mitre.oval:def:2706
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Office 2003)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Office 2003
Definition Synopsis:
Microsoft Office 2003 is installed AND the version of Gdiplus.dll for Microsoft Office is less than 6.0.3264.0

Definition Id: oval:org.mitre.oval:def:3038

Oval ID:	oval:org.mitre.oval:def:3038
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	3
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Project Professional 2002
Definition Synopsis:
Windows Project Professional 2002 Service Pack 1 is installed AND the version of mso.dll is less than 10.0.6714.0

Definition Id: oval:org.mitre.oval:def:3082

Oval ID:	oval:org.mitre.oval:def:3082
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	3
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Office Visio Professional 2002
Definition Synopsis:
Visio Professional 2002 with service pack 2 AND the version of mso.dll is less than 10.0.6714.0

Definition Id: oval:org.mitre.oval:def:3320

Oval ID:	oval:org.mitre.oval:def:3320
Title:	GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	4
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Office Visio Professional 2003
Definition Synopsis:
AND the version of gdiplus.dll is less than 6.0.3264.0

Definition Id: oval:org.mitre.oval:def:3810

Oval ID:	oval:org.mitre.oval:def:3810
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	3
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Project Professional 2003
Definition Synopsis:
Project Professional 2003 Installed AND the version of gdiplus.dll is less than 6.0.3264.0

Definition Id: oval:org.mitre.oval:def:3881

Oval ID:	oval:org.mitre.oval:def:3881
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	3
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Office XP SP2
Definition Synopsis:
Microsoft Office XP Service Pack 2 is installed AND the version of mso.dll is less than 10.0.6714.0

Definition Id: oval:org.mitre.oval:def:4003

Oval ID:	oval:org.mitre.oval:def:4003
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	2
Platform(s):	Microsoft Windows XP	Product(s):	GDI+
Definition Synopsis:
Windows XP is installed AND the version of sxs.dll is less than 5.1.2600.1363

Definition Id: oval:org.mitre.oval:def:4216

Oval ID:	oval:org.mitre.oval:def:4216
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (IE6)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Windows 2000 is installed AND Internet Explorer 6 Service Pack 1 is installed AND the version of vgx.dll is less than 6.0.2800.1411

Definition Id: oval:org.mitre.oval:def:4307

Oval ID:	oval:org.mitre.oval:def:4307
Title:	GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002)
Description:	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0200	Version:	6
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Visual Studio .NET 2002
Definition Synopsis:
Microsoft Visual Studio .NET 2002 Installed AND the version of Gdiplus.dll for Microsoft Visual Studio .NET is less than 5.1.3102.1355

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft .Net Framework cpe:2.3:a:microsoft:.net_framework:1.0:sp2:sdk:::::*	1
Application	Microsoft Digital Image Pro cpe:2.3:a:microsoft:digital_image_pro:9:::::::* cpe:2.3:a:microsoft:digital_image_pro:7.0:::::::*	2
Application	Microsoft Digital Image Suite cpe:2.3:a:microsoft:digital_image_suite:9:::::::*	1
Application	Microsoft Excel cpe:2.3:a:microsoft:excel:2003:::::::* cpe:2.3:a:microsoft:excel:2002:::::::*	2
Application	Microsoft Frontpage cpe:2.3:a:microsoft:frontpage:2003:::::::* cpe:2.3:a:microsoft:frontpage:2002:::::::*	2
Application	Microsoft Greetings cpe:2.3:a:microsoft:greetings:2002:::::::*	1
Application	Microsoft Infopath cpe:2.3:a:microsoft:infopath:2003:::::::*	1
Application	Microsoft Office cpe:2.3:a:microsoft:office:2003:::::::* cpe:2.3:a:microsoft:office:xp:sp3::::::	2
Application	Microsoft Onenote cpe:2.3:a:microsoft:onenote:2003:::::::*	1
Application	Microsoft Outlook cpe:2.3:a:microsoft:outlook:2003:::::::* cpe:2.3:a:microsoft:outlook:2002:::::::*	2
Application	Microsoft Picture It cpe:2.3:a:microsoft:picture_it:2002:::::::* cpe:2.3:a:microsoft:picture_it:9:::::::* cpe:2.3:a:microsoft:picture_it:7.0:::::::*	3
Application	Microsoft Powerpoint cpe:2.3:a:microsoft:powerpoint:2003:::::::* cpe:2.3:a:microsoft:powerpoint:2002:::::::*	2
Application	Microsoft Producer cpe:2.3:a:microsoft:producer::gold:office_powerpoints:::::	1
Application	Microsoft Project cpe:2.3:a:microsoft:project:2003:::::::* cpe:2.3:a:microsoft:project:2002:sp1::::::	2
Application	Microsoft Publisher cpe:2.3:a:microsoft:publisher:2003:::::::* cpe:2.3:a:microsoft:publisher:2002:::::::*	2
Application	Microsoft Visio cpe:2.3:a:microsoft:visio:2003:::::::* cpe:2.3:a:microsoft:visio:2002:sp2::::::	2
Application	Microsoft Visual Basic cpe:2.3:a:microsoft:visual_basic:2003::.net_standard::::: cpe:2.3:a:microsoft:visual_basic:2002::.net_standard:::::	2
Application	Microsoft Visual C# cpe:2.3:a:microsoft:visual_c#:2003::.net_standard::::: cpe:2.3:a:microsoft:visual_c#:2002::.net_standard:::::	2
Application	Microsoft Visual C++ cpe:2.3:a:microsoft:visual_c++:2003::.net_standard::::: cpe:2.3:a:microsoft:visual_c++:2002::.net_standard:::::	2
Application	Microsoft Visual J# .Net cpe:2.3:a:microsoft:visual_j#_.net:2003::.net_standard:::::	1
Application	Microsoft Visual Studio .Net cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:::::: cpe:2.3:a:microsoft:visual_studio_.net:2002:gold::::::	2
Application	Microsoft Word cpe:2.3:a:microsoft:word:2003:::::::* cpe:2.3:a:microsoft:word:2002:::::::*	2
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*	1
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc::::: cpe:2.3:o:microsoft:windows_xp::gold::::::* cpe:2.3:o:microsoft:windows_xp::sp1:64-bit::::: cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*	4

ExploitDB Exploits

id	Description
2004-09-25	MS Windows JPEG GDI+ Overflow Download Shellcode Exploit (MS04-028)
2004-09-23	MS Windows JPEG GDI+ Overflow Administrator Exploit (MS04-028)
2004-09-22	MS Windows JPEG Processing Buffer Overrun Exploit (MS04-028)

Open Source Vulnerability Database (OSVDB)

Id	Description
9951	Microsoft Multiple Products GDIPlus.dll JPEG Processing Overflow A local overflow exists in multiple Microsoft products which rely on gdiplus.dll for image processing. The gdiplus.dll fails to validate JPEG image files resulting in a buffer overflow. With a specially crafted image file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-08-27	Microsoft Multiple Products JPEG parser heap overflow attempt RuleID : 31719-community - Revision : 2 - Type : FILE-IMAGE
2014-11-16	Microsoft Multiple Products JPEG parser heap overflow attempt RuleID : 31719 - Revision : 2 - Type : FILE-IMAGE
2014-01-10	JPEG parser multipacket heap overflow attempt RuleID : 27569 - Revision : 4 - Type : FILE-IMAGE
2014-01-10	JPEG parser multipacket heap overflow attempt RuleID : 2707-community - Revision : 14 - Type : FILE-IMAGE
2014-01-10	JPEG parser multipacket heap overflow attempt RuleID : 2707 - Revision : 14 - Type : FILE-IMAGE
2014-01-10	Microsoft Multiple Products JPEG parser heap overflow attempt RuleID : 2705-community - Revision : 18 - Type : FILE-IMAGE
2014-01-10	Microsoft Multiple Products JPEG parser heap overflow attempt RuleID : 2705 - Revision : 18 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date	Description
2004-09-28	Name : The remote host may have been compromised File : radmin_port_10002.nasl - Type : ACT_GATHER_INFO
2004-09-24	Name : It is possible to log into the remote host without a password. File : smb_login_as_x.nasl - Type : ACT_GATHER_INFO
2004-09-14	Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms04-028.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:45:02	Multiple Updates
2014-01-19 21:29:52	Multiple Updates
2013-05-11 12:21:35	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	11
CPE ID(s)	43
osvdb(s)	1
ExploitDB Exploit(s)	3
Snort® Rule(s)	7
Nessus® Exploit(s)	3

	Related
10	MS04-032
10	HPSBST02394 SSR...
10	HPSBST02386 SSR...
10	HPSBST02379 SSR...
10	HPSBST02360 SSR...
9.4	HPSBST02350 SSR...
9.3	MS09-062
9.3	MS08-052
9.3	HPSBST02397 SSR...
9.3	HPSBST02372 SSR...
9.3	HPSBST02344 SSR...
9.3	HPSBST02336 SSR...
9.3	CVE-2004-0200
0	HPSBST02329 SSR...
0	HPSBST02320 SSR...
0	HPSBST02314 SSR...
0	HPSBST02304 SSR...
0	HPSBST02299 SSR...
0	HPSBST02291 SSR...
0	HPSBST02280 SSR...
0	HPSBST02260 SSR...
0	HPSBST02255 SSR...
0	HPSBST02243 SSR...
0	HPSBST02231 SSR...
0	HPSBST02214 SSR...
0	HPSBST02208 SSR...
0	HPSBST02206 SSR...
0	HPSBST02194 SSR...
0	HPSBST02184 SSR...
0	HPSBST02180 SSR...
0	HPSBST02161 SSR...
0	HPSBST02160 SSR...
0	HPSBST02134 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 33 more Alert(s)

9.3 - MS04-028

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU