CVE-2008-3015

CVE	CVE-2008-3015
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-09-11 01:11:00 UTC
Updated	2018-10-12 21:47:00 UTC
Description	Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."

Problem Types: CWE-189

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Digital Image Suite	2006	All	All	All
Application	Microsoft	Digital Image Suite	2006	All	All	All
Application	Microsoft	Forefront Client Security	1.0	All	All	All
Application	Microsoft	Forefront Client Security	1.0	All	All	All
Application	Microsoft	Office	2003	sp2	All	All
Application	Microsoft	Office	2003	sp3	All	All
Application	Microsoft	Office	2007	All	gold	All
Application	Microsoft	Office	2007	sp1	All	All
Application	Microsoft	Office	xp	sp3	All	All
Application	Microsoft	Office	2003	sp2	All	All
Application	Microsoft	Office	2003	sp3	All	All
Application	Microsoft	Office	2007	All	gold	All
Application	Microsoft	Office	2007	sp1	All	All
Application	Microsoft	Office	xp	sp3	All	All
Application	Microsoft	Office Powerpoint Viewer	2003	All	All	All
Application	Microsoft	Office Powerpoint Viewer	2003	All	All	All
Application	Microsoft	Report Viewer	2005	sp1	All	All
Application	Microsoft	Report Viewer	2008	All	All	All
Application	Microsoft	Report Viewer	2005	sp1	All	All
Application	Microsoft	Report Viewer	2008	All	All	All
Application	Microsoft	Sql Server	2005	sp2	All	All
Application	Microsoft	Sql Server	2005	sp2	All	All
Application	Microsoft	Sql Server Reporting Services	2000	sp2	All	All
Application	Microsoft	Sql Server Reporting Services	2000	sp2	All	All
Application	Microsoft	Visio	2002	sp2	All	All
Application	Microsoft	Visio	2002	sp2	All	All
Application	Microsoft	Works	8.0	All	All	All
Application	Microsoft	Works	8.0	All	All	All

Reference	Source	Link	Tags
US-CERT Technical Cyber Security Alert TA08-253A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
MS Internet Explorer GDI+ Proof of Concept (MS08-052)	EXPLOIT-DB	www.exploit-db.com
Zero Day Initiative	MISC	www.zerodayinitiative.com
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
WinZip GDI+ Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
MS Windows GDI+ Proof of Concept (MS08-052) #2	EXPLOIT-DB	www.exploit-db.com
www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt	MISC	www.evilfingers.com
SecurityTracker: Microsoft GDI+ Integer Overflow in Processing BMP Files Lets Remote Users Execute Arbitrary Code	SECTRACK	www.securitytracker.com
HPSBST02372	HP	marc.info
Microsoft Security Bulletin MS08-052 - Critical \| Microsoft Docs	MS	docs.microsoft.com
Microsoft GDI+ BMP Integer Overflow Vulnerability	BID	www.securityfocus.com
www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt	MISC	www.evilfingers.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.