CVE-2008-3012

CVE	CVE-2008-3012
State	PUBLISHED
Assigner	microsoft
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-09-11 01:11:47 UTC
Updated	2026-04-23 00:35:47 UTC
Description	gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."

Primary CVSS: v2.0 9.3 from [email protected]

AV:N/AC:M/Au:N/C:C/I:C/A:C

Problem Types: CWE-119 | n/a

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Digital Image Suite	2006	All	All	All
Application	Microsoft	Forefront Client Security	1.0	All	All	All
Application	Microsoft	Internet Explorer	6	sp1	All	All
Application	Microsoft	Office	2003	sp2	All	All
Application	Microsoft	Office	2003	sp3	All	All
Application	Microsoft	Office	xp	sp3	All	All
Application	Microsoft	Office Powerpoint Viewer	2003	All	All	All
Operating System	Microsoft	Office System	All	gold	All	All
Operating System	Microsoft	Office System	All	sp1	All	All
Application	Microsoft	Report Viewer	2005	sp1	All	All
Application	Microsoft	Report Viewer	2008	All	All	All
Application	Microsoft	Server	2008	All	All	All
Application	Microsoft	Sql Server	2005	sp2	All	All
Application	Microsoft	Sql Server Reporting Services	2000	sp2	All	All
Application	Microsoft	Visio	2002	sp2	All	All
Operating System	Microsoft	Windows	2003_server	sp1	All	All
Operating System	Microsoft	Windows	2003_server	sp2	All	All
Operating System	Microsoft	Windows-nt	vista	All	gold	All
Operating System	Microsoft	Windows-nt	xp	sp3	All	All
Operating System	Microsoft	Windows Vista	-	sp1	All	All
Operating System	Microsoft	Windows Xp	-	sp2	All	All
Application	Microsoft	Works	8.0	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

Reference	Source	Link	Tags
SecurityTracker: Microsoft GDI+ Memory Corruption Error in Processing EMF Image Files Lets Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
US-CERT Technical Cyber Security Alert TA08-253A -- Microsoft Updates for Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	US Government Resource
Microsoft Security Bulletin MS08-052 - Critical \| Microsoft Docs	af854a3a-2127-422b-91ae-364da2661108	docs.microsoft.com
WinZip GDI+ Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
marc.info	af854a3a-2127-422b-91ae-364da2661108	marc.info
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.