Microsoft GDI+ BMP 整数溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1185413 漏洞类型 数字错误
发布时间 2008-09-09 更新时间 2009-04-01
CVE编号 CVE-2008-3015 CNNVD-ID CNNVD-200809-113
漏洞平台 N/A CVSS评分 9.3
|漏洞来源
https://www.securityfocus.com/bid/31022
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-113
|漏洞详情
MicrosoftGDI+通过基于类的API提供对各种图形方式的访问。多款Microsft软件(OfficeXPSP3,Office2003SP2andSP3,2007MicrosoftOfficeSystemGoldandSP1,Visio2002SP2,PowerPointViewer2003,Works8,DigitalImageSuite2006,SQLServer2000ReportingServicesSP2,SQLServer2005SP2,ReportViewer2005SP1and2008,andForefrontClientSecurity1.0)GDI+的gdiplus.dll存在整数溢出漏洞。远程攻击者可利用包含畸形BitMapInfoHeader的BMP图片文件,触发缓冲区溢出,执行任意指令。该漏洞也称为"GDI+BMP整数溢出漏洞"。
|受影响的产品
Symantec Backup Exec for Windows Servers 12.0 Symantec Backup Exec for Windows Servers 11d Rim Blackberry Unite! 1.0.1 bundle 36 Rim Blackberry Unite! 1.0.1 Rim Blackberry Unite! 1.0
|参考资料

来源:US-CERT
名称:TA08-253A
链接:http://www.us-cert.gov/cas/techalerts/TA08-253A.html
来源:MS
名称:MS08-052
链接:http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-08-055
来源:SECTRACK
名称:1020838
链接:http://www.securitytracker.com/id?1020838
来源:BID
名称:31022
链接:http://www.securityfocus.com/bid/31022
来源:BUGTRAQ
名称:20080909ZDI-08-055:MicrosoftWindowsGDI+BMPParsingCodeExecutionVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/496153/100/0/threaded
来源:MILW0RM
名称:6716
链接:http://www.milw0rm.com/exploits/6716
来源:MILW0RM
名称:6619
链接:http://www.milw0rm.com/exploits/6619
来源:VUPEN
名称:ADV-2008-2696
链接:http://www.frsirt.com/english/advisories/2008/2696
来源:VUPEN
名称:ADV-2008-2520
链接:http://www.frsirt.com/english/advisories/2008/2520
来源:MISC
链接:http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt
来源:MISC
链接:http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
来源:SECUNIA
名称:32154
链接:http: