CVE Vulnerabilities

CVE-2004-0200

Published: Sep 28, 2004 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Affected Software

Name Vendor Start Version End Version
.net_framework Microsoft 1.0-sp2 (including) 1.0-sp2 (including)
Digital_image_pro Microsoft 7.0 (including) 7.0 (including)
Digital_image_pro Microsoft 9 (including) 9 (including)
Digital_image_suite Microsoft 9 (including) 9 (including)
Excel Microsoft 2002 (including) 2002 (including)
Excel Microsoft 2003 (including) 2003 (including)
Frontpage Microsoft 2002 (including) 2002 (including)
Frontpage Microsoft 2003 (including) 2003 (including)
Greetings Microsoft 2002 (including) 2002 (including)
Infopath Microsoft 2003 (including) 2003 (including)
Office Microsoft 2003 (including) 2003 (including)
Office Microsoft xp-sp3 (including) xp-sp3 (including)
Onenote Microsoft 2003 (including) 2003 (including)
Outlook Microsoft 2002 (including) 2002 (including)
Outlook Microsoft 2003 (including) 2003 (including)
Picture_it Microsoft 7.0 (including) 7.0 (including)
Picture_it Microsoft 9 (including) 9 (including)
Picture_it Microsoft 2002 (including) 2002 (including)
Powerpoint Microsoft 2002 (including) 2002 (including)
Powerpoint Microsoft 2003 (including) 2003 (including)
Producer Microsoft * *
Project Microsoft 2002-sp1 (including) 2002-sp1 (including)
Project Microsoft 2003 (including) 2003 (including)
Publisher Microsoft 2002 (including) 2002 (including)
Publisher Microsoft 2003 (including) 2003 (including)
Visio Microsoft 2002-sp2 (including) 2002-sp2 (including)
Visio Microsoft 2003 (including) 2003 (including)
Visual_basic Microsoft 2002 (including) 2002 (including)
Visual_basic Microsoft 2003 (including) 2003 (including)
Visual_c# Microsoft 2002 (including) 2002 (including)
Visual_c# Microsoft 2003 (including) 2003 (including)
Visual_c++ Microsoft 2002 (including) 2002 (including)
Visual_c++ Microsoft 2003 (including) 2003 (including)
Visual_j#_.net Microsoft 2003 (including) 2003 (including)
Visual_studio_.net Microsoft 2002-gold (including) 2002-gold (including)
Visual_studio_.net Microsoft 2003-gold (including) 2003-gold (including)
Word Microsoft 2002 (including) 2002 (including)
Word Microsoft 2003 (including) 2003 (including)

References