Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2007-5348

Published: Sep 11, 2008 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-5348
CWEhttps://cwe.mitre.org/data/definitions/189.html

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka GDI+ VML Buffer Overrun Vulnerability.

Affected Software

Name Vendor Start Version End Version
Digital_image_suite Microsoft 2006 (including) 2006 (including)
Forefront_client_security Microsoft 1.0 (including) 1.0 (including)
Internet_explorer Microsoft 6-sp1 (including) 6-sp1 (including)
Office Microsoft 2003-sp2 (including) 2003-sp2 (including)
Office Microsoft 2003-sp3 (including) 2003-sp3 (including)
Office Microsoft xp-sp3 (including) xp-sp3 (including)
Office_powerpoint_viewer Microsoft 2003 (including) 2003 (including)
Report_viewer Microsoft 2005-sp1 (including) 2005-sp1 (including)
Report_viewer Microsoft 2008 (including) 2008 (including)
Server Microsoft 2008 (including) 2008 (including)
Sql_server Microsoft 2005-sp2 (including) 2005-sp2 (including)
Sql_server_reporting_services Microsoft 2000-sp2 (including) 2000-sp2 (including)
Visio Microsoft 2002-sp2 (including) 2002-sp2 (including)
Works Microsoft 8.0 (including) 8.0 (including)
Office_system Microsoft * *
Windows Microsoft 2003_server-sp1 (including) 2003_server-sp1 (including)
Windows Microsoft 2003_server-sp2 (including) 2003_server-sp2 (including)
Windows-nt Microsoft vista (including) vista (including)
Windows-nt Microsoft xp-sp3 (including) xp-sp3 (including)
Windows_vista Microsoft –sp1 (including) –sp1 (including)
Windows_xp Microsoft –sp2 (including) –sp2 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use