CVE-2004-0200
Low
CVSS Score
Vulnerability Description
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Known Affected Software
38 configuration(s) from 1 vendor(s)
- excel (version 2002): cpe:2.3:a:microsoft:excel:2002:gold:*:*:*:*:*:*
- digital_image_pro (version 7.0): cpe:2.3:a:microsoft:digital_image_pro:7.0:*:*:*:*:*:*:*
- picture_it (version 9): cpe:2.3:a:microsoft:picture_it:9:*:*:*:*:*:*:*
- visual_c\# (version 2002): cpe:2.3:a:microsoft:visual_c\#:2002:*:*:*:*:*:*:*
- visual_studio_.net (version 2002): cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
- picture_it (version 7.0): cpe:2.3:a:microsoft:picture_it:7.0:*:*:*:*:*:*:*
- windows_2003_server (version r2): cpe:2.3:o:microsoft:windows_2003_server:r2:sp2:*:*:*:*:*:*
- word (version 2003): cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
- excel (version 2003): cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
- word (version 2002): cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
- digital_image_suite (version 9): cpe:2.3:a:microsoft:digital_image_suite:9:*:*:*:*:*:*:*
- powerpoint (version 2003): cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*
- frontpage (version 2002): cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*
- project (version 2002): cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
- visual_c\+\+ (version 2003): cpe:2.3:a:microsoft:visual_c\+\+:2003:*:*:*:*:*:*:*
- project (version 2003): cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
- publisher (version 2003): cpe:2.3:a:microsoft:publisher:2003:sp3:*:*:*:*:*:*
- greetings (version 2002): cpe:2.3:a:microsoft:greetings:2002:*:*:*:*:*:*:*
- outlook (version 2002): cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*
- onenote (version 2003): cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*
- frontpage (version 2003): cpe:2.3:a:microsoft:frontpage:2003:sp3:*:*:*:*:*:*
- visio (version 2003): cpe:2.3:a:microsoft:visio:2003:*:*:*:professional:*:*:*
- office (version 2003): cpe:2.3:a:microsoft:office:2003:sp2:*:pt:*:*:*:*
- .net_framework (version 1.0): cpe:2.3:a:microsoft:.net_framework:1.0:-:*:*:*:*:*:*
- visual_c\+\+ (version 2002): cpe:2.3:a:microsoft:visual_c\+\+:2002:*:*:*:*:*:*:*
- publisher (version 2002): cpe:2.3:a:microsoft:publisher:2002:sp3:*:*:*:*:*:*
- office (version xp): cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
- digital_image_pro (version 9): cpe:2.3:a:microsoft:digital_image_pro:9:*:*:*:*:*:*:*
- visual_studio_.net (version 2003): cpe:2.3:a:microsoft:visual_studio_.net:2003:*:*:*:enterprise_architect:*:*:*
- visio (version 2002): cpe:2.3:a:microsoft:visio:2002:*:*:*:professional:*:*:*
- visual_j\#_.net (version 2003): cpe:2.3:a:microsoft:visual_j\#_.net:2003:*:*:*:*:*:*:*
- powerpoint (version 2002): cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
- infopath (version 2003): cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*
- picture_it (version 2002): cpe:2.3:a:microsoft:picture_it:2002:*:*:*:*:*:*:*
- visual_c\# (version 2003): cpe:2.3:a:microsoft:visual_c\#:2003:*:*:*:*:*:*:*
- outlook (version 2003): cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*
- visual_basic (version 2003): cpe:2.3:a:microsoft:visual_basic:2003:*:*:*:*:*:*:*
- visual_basic (version 2002): cpe:2.3:a:microsoft:visual_basic:2002:*:*:*:*:*:*:*
This vulnerability affects 38 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://marc.info/?l=bugtraq&m=109524346729948&w=2 (source: cve@mitre.org)
- http://www.kb.cert.org/vuls/id/297462 (source: cve@mitre.org; US Government Resource)
- http://www.us-cert.gov/cas/techalerts/TA04-260A.html (source: cve@mitre.org; US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028 (source: cve@mitre.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16304 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216 (source: cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307 (source: cve@mitre.org)
Severity Details
out of 10.0
Low
Key Information
- Published Date: September 28, 2004
