CVE-2004-0200

Severity

93%

Complexity

86%

Confidentiality

165%

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 20 years ago

2004-09-28 04:00:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

Microsoft digital_image_pro 7.0

7.0

Microsoft digital_image_pro 9

9

Microsoft digital_image_suite 9

9

Microsoft Excel 2002

2002

マイクロソフト エクセル 2003

2003

Microsoft Frontpage 2002

2002

Microsoft Frontpage 2003

2003

Microsoft Greetings 2002

2002

Microsoft InfoPath 2003

2003

Microsoft Office 2003

2003

Microsoft Office XP Service Pack 3

xp

Microsoft OneNote 2003

2003

Microsoft Outlook 2002

2002

Microsoft Outlook 2003

2003

Microsoft picture_it 7.0

7.0

Microsoft picture_it 9

9

Microsoft picture_it 2002

2002

Microsoft PowerPoint 2002

2002

Microsoft PowerPoint 2003

2003

Microsoft Project 2002 sp1

2002

Microsoft Office Project 2003

2003

Microsoft Publisher 2002

2002

Microsoft Publisher 2003

2003

Microsoft Visio 2002 Service Pack 2

2002

Microsoft Visio 2003

2003

Microsoft Visual Studio .NET 2002 Gold

2002

Microsoft Visual Studio .NET 2003 Gold

2003

Microsoft Word 2002

2002

Microsoft Word 2003

2003

Microsoft windows xp_gold

Microsoft windows xp_sp1 tablet_pc

References

20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow

VU#297462

US Government Resource

TA04-260A

US Government Resource

MS04-028

win-jpeg-bo(16304)

oval:org.mitre.oval:def:1105

oval:org.mitre.oval:def:1721

oval:org.mitre.oval:def:2706

oval:org.mitre.oval:def:3038

oval:org.mitre.oval:def:3082

oval:org.mitre.oval:def:3320

oval:org.mitre.oval:def:3810

oval:org.mitre.oval:def:3881

oval:org.mitre.oval:def:4003

oval:org.mitre.oval:def:4216

oval:org.mitre.oval:def:4307

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.