Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) |
Informations | |||
---|---|---|---|
Name | MS09-062 | First vendor Publication | 2009-10-13 |
Vendor | Microsoft | Last vendor Modification | 2010-01-12 |
Severity (Vendor) | Critical | Revision | 2.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V2.2 (January 12, 2010): Corrected references to various Microsoft Office software. See the entry to the Frequently Asked Questions (FAQ) Related to This Security Update section that explains this revision. Customers who have successfully installed this update do not need to reinstall.Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5800 | |||
Oval ID: | oval:org.mitre.oval:def:5800 | ||
Title: | GDI+ PNG Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2501 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio Microsoft Visual Studio 2008 Microsoft SQL Server 2005 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5898 | |||
Oval ID: | oval:org.mitre.oval:def:5898 | ||
Title: | GDI+ TIFF Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2502 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Internet Explorer 6 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio 2002 Microsoft Visual Studio 2008 Microsoft SQL Server 2005 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5967 | |||
Oval ID: | oval:org.mitre.oval:def:5967 | ||
Title: | GDI+ WMF Integer Overflow Vulnerability | ||
Description: | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2500 | Version: | 24 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio 2002 Microsoft Visual Studio 2008 Microsoft SQL Server 2005 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6134 | |||
Oval ID: | oval:org.mitre.oval:def:6134 | ||
Title: | GDI+ PNG Integer Overflow Vulnerability | ||
Description: | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3126 | Version: | 24 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio 2002 Microsoft Visual Studio 2008 Microsoft SQL Server 2005 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6282 | |||
Oval ID: | oval:org.mitre.oval:def:6282 | ||
Title: | GDI+ .NET API Vulnerability | ||
Description: | Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2504 | Version: | 24 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio 2002 Microsoft Visual Studio 2008 Microsoft SQL Server 2005 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6426 | |||
Oval ID: | oval:org.mitre.oval:def:6426 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2528 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Office XP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6430 | |||
Oval ID: | oval:org.mitre.oval:def:6430 | ||
Title: | Office BMP Integer Overflow Vulnerability | ||
Description: | Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2518 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Office XP |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6491 | |||
Oval ID: | oval:org.mitre.oval:def:6491 | ||
Title: | GDI+ TIFF Buffer Overflow Vulnerability | ||
Description: | GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2503 | Version: | 24 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer 6 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio 2002 Microsoft Visual Studio 2008 Microsoft SQL Server 2005 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 | |
Application | 5 | |
Application | 2 | |
Application | 1 | |
Application | 2 | |
Application | 3 | |
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 3 | |
Application |
| 6 |
Application | 1 | |
Application | 1 | |
Application | 2 | |
Application | 2 | |
Application | 2 | |
Application | 1 | |
Os | 3 | |
Os | 3 | |
Os | 4 | |
Os | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Office Art Property Table Memory Corruption | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-21 | Name : Microsoft Products GDI Plus Code Execution Vulnerabilities (957488) File : nvt/secpod_ms09-062.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58870 | Microsoft Office BMP Image Color Processing Overflow |
58869 | Microsoft Office Malformed Object Handling Memory Corruption Arbitrary Code E... |
58868 | Microsoft Multiple Products GDI+ PNG Image Handling Integer Overflow |
58867 | Microsoft Multiple Products GDI+ .NET API Code Execution Privilege Escalation |
58866 | Microsoft Multiple Products GDI+ TIFF Image Handling Memory Corruption Arbitr... |
58865 | Microsoft Multiple Products GDI+ TIFF Image Handling Overflow |
58864 | Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow |
58863 | Microsoft Multiple Products GDI+ WMF Image Handling Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-15 | IAVM : 2009-A-0099 - Multiple Vulnerabilities in Microsoft GDI+ Severity : Category I - VMSKEY : V0021759 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 6700 - Revision : 20 - Type : FILE-IMAGE |
2019-08-27 | Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt RuleID : 50798 - Revision : 1 - Type : FILE-IMAGE |
2016-03-14 | Microsoft Windows malformed WMF meta escape record memory corruption attempt RuleID : 36856 - Revision : 2 - Type : FILE-IMAGE |
2015-03-19 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 33518 - Revision : 3 - Type : FILE-IMAGE |
2015-03-19 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 33517 - Revision : 3 - Type : FILE-IMAGE |
2015-03-19 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 33516 - Revision : 3 - Type : FILE-IMAGE |
2015-03-19 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 33515 - Revision : 3 - Type : FILE-IMAGE |
2015-01-15 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 32833 - Revision : 2 - Type : FILE-IMAGE |
2015-01-15 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 32832 - Revision : 2 - Type : FILE-IMAGE |
2015-01-15 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 32831 - Revision : 2 - Type : FILE-IMAGE |
2015-01-15 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 32830 - Revision : 2 - Type : FILE-IMAGE |
2015-01-15 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 32829 - Revision : 2 - Type : FILE-IMAGE |
2015-01-15 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 32828 - Revision : 2 - Type : FILE-IMAGE |
2014-03-27 | Microsoft Multiple Products potentially malicious PNG detected - large or inv... RuleID : 29945 - Revision : 4 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 26865 - Revision : 4 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 23590 - Revision : 7 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 23589 - Revision : 8 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Office Excel GDI+ Office Art Property Table remote code execution a... RuleID : 23541 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word GDI+ Office Art Property Table remote code execution at... RuleID : 23540 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office BMP header biClrUsed integer overflow attempt RuleID : 23525 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 21160 - Revision : 9 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Office BMP header biClrUsed integer overflow attempt RuleID : 16361 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt RuleID : 16327 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt RuleID : 16186 - Revision : 12 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Windows GDI+ compressed TIFF file parsing remote code execution att... RuleID : 16185 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 16184 - Revision : 16 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Office Excel GDI+ Office Art Property Table remote code execution a... RuleID : 16178 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word GDI+ Office Art Property Table remote code execution at... RuleID : 16177 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | GDI+ .NET image property parsing memory corruption RuleID : 16154 - Revision : 9 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Windows malformed WMF meta escape record memory corruption attempt RuleID : 16153 - Revision : 13 - Type : FILE-IMAGE |
2014-01-10 | Windows BMP image conversion arbitrary code execution attempt RuleID : 13879 - Revision : 13 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-03-10 | Name : Arbitrary code can be executed on the remote host through the Microsoft GDI r... File : smb_kb957488.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : Arbitrary code can be executed on the remote host through the Microsoft GDI r... File : smb_nt_ms09-062.nasl - Type : ACT_GATHER_INFO |
2003-01-26 | Name : The remote host has a database server installed. File : mssql_version.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-12-12 21:23:44 |
|
2020-12-08 21:24:01 |
|
2020-12-05 21:23:47 |
|
2015-08-10 21:30:55 |
|
2015-03-19 21:26:43 |
|
2015-01-15 21:23:49 |
|
2014-03-27 21:20:56 |
|
2014-03-11 13:21:27 |
|
2014-02-17 11:46:23 |
|
2014-01-19 21:30:23 |
|
2013-11-11 12:41:14 |
|
2013-05-11 00:49:33 |
|