Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2004-0200

Published: Sep 28, 2004 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2004-0200
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Affected Software

Name Vendor Start Version End Version
.net_framework Microsoft 1.0-sp2 (including) 1.0-sp2 (including)
Digital_image_pro Microsoft 7.0 (including) 7.0 (including)
Digital_image_pro Microsoft 9 (including) 9 (including)
Digital_image_suite Microsoft 9 (including) 9 (including)
Excel Microsoft 2002 (including) 2002 (including)
Excel Microsoft 2003 (including) 2003 (including)
Frontpage Microsoft 2002 (including) 2002 (including)
Frontpage Microsoft 2003 (including) 2003 (including)
Greetings Microsoft 2002 (including) 2002 (including)
Infopath Microsoft 2003 (including) 2003 (including)
Office Microsoft 2003 (including) 2003 (including)
Office Microsoft xp-sp3 (including) xp-sp3 (including)
Onenote Microsoft 2003 (including) 2003 (including)
Outlook Microsoft 2002 (including) 2002 (including)
Outlook Microsoft 2003 (including) 2003 (including)
Picture_it Microsoft 7.0 (including) 7.0 (including)
Picture_it Microsoft 9 (including) 9 (including)
Picture_it Microsoft 2002 (including) 2002 (including)
Powerpoint Microsoft 2002 (including) 2002 (including)
Powerpoint Microsoft 2003 (including) 2003 (including)
Producer Microsoft * *
Project Microsoft 2002-sp1 (including) 2002-sp1 (including)
Project Microsoft 2003 (including) 2003 (including)
Publisher Microsoft 2002 (including) 2002 (including)
Publisher Microsoft 2003 (including) 2003 (including)
Visio Microsoft 2002-sp2 (including) 2002-sp2 (including)
Visio Microsoft 2003 (including) 2003 (including)
Visual_basic Microsoft 2002 (including) 2002 (including)
Visual_basic Microsoft 2003 (including) 2003 (including)
Visual_c# Microsoft 2002 (including) 2002 (including)
Visual_c# Microsoft 2003 (including) 2003 (including)
Visual_c++ Microsoft 2002 (including) 2002 (including)
Visual_c++ Microsoft 2003 (including) 2003 (including)
Visual_j#_.net Microsoft 2003 (including) 2003 (including)
Visual_studio_.net Microsoft 2002-gold (including) 2002-gold (including)
Visual_studio_.net Microsoft 2003-gold (including) 2003-gold (including)
Word Microsoft 2002 (including) 2002 (including)
Word Microsoft 2003 (including) 2003 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use