CVE-2004-0200 - Unspecified vulnerability in Microsoft products
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE
Summary
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Vulnerable Configurations
Exploit-Db
- title: Microsoft Windows - JPEG GDI+ Overflow Download Shellcode Exploit MS04-028
  description: MS Windows JPEG GDI+ Overflow Download Shellcode Exploit (MS04-028). CVE-2004-0200. Remote exploit for windows platform
  id: EDB-ID:478
  last seen: 2016-01-31
  modified: 2004-09-25
  published: 2004-09-25
  reporter: ATmaCA
  source: https://www.exploit-db.com/download/478/
- title: Microsoft Windows - JPEG GDI+ Overflow Administrator Exploit MS04-028
  description: MS Windows JPEG GDI+ Overflow Administrator Exploit (MS04-028). CVE-2004-0200. Remote exploit for windows platform
  id: EDB-ID:475
  last seen: 2016-01-31
  modified: 2004-09-23
  published: 2004-09-23
  reporter: Elia Florio
  source: https://www.exploit-db.com/download/475/
- title: Microsoft Windows - JPEG Processing Buffer Overrun Exploit MS04-028
  description: MS Windows JPEG Processing Buffer Overrun Exploit (MS04-028). CVE-2004-0200. Dos exploit for windows platform
  id: EDB-ID:474
  last seen: 2016-01-31
  modified: 2004-09-22
  published: 2004-09-22
  reporter: perplexy
  source: https://www.exploit-db.com/download/474/
- title: Microsoft Windows - JPEG GDI+ Remote Heap Overflow Exploit MS04-028
  description: MS Windows JPEG GDI+ Remote Heap Overflow Exploit (MS04-028). CVE-2004-0200. Remote exploit for windows platform
  id: EDB-ID:480
  last seen: 2016-01-31
  modified: 2004-09-25
  published: 2004-09-25
  reporter: John Bissell
  source: https://www.exploit-db.com/download/480/
- title: Microsoft Windows - JPEG GDI+ Overflow Shellcoded Exploit
  description: MS Windows JPEG GDI+ Overflow Shellcoded Exploit. CVE-2004-0200. Remote exploit for windows platform
  id: EDB-ID:472
  last seen: 2016-01-31
  modified: 2004-09-22
  published: 2004-09-22
  reporter: FoToZ
  source: https://www.exploit-db.com/download/472/
- title: Microsoft Windows - JPEG GDI+ All-In-One Bind/Reverse/Admin/FileDownload
  description: MS Windows JPEG GDI+ All-In-One Bind/Reverse/Admin/FileDownload. CVE-2004-0200. Remote exploit for windows platform
  id: EDB-ID:556
  last seen: 2016-01-31
  modified: 2004-09-27
  published: 2004-09-27
  reporter: M4Z3R
  source: https://www.exploit-db.com/download/556/
Nessus
- title: MS04-028: Buffer Overrun in JPEG Processing (833987)
  NASL family: Windows : Microsoft Bulletins
  NASL id: SMB_NT_MS04-028.NASL
  description: The remote host is running a version of Windows that is vulnerable to a buffer overrun attack when viewing a JPEG file which could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed JPEG file to a user on the remote host and wait for him to open it using an affected Microsoft application.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 14724
  published: 2004-09-14
  reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/14724
- title: Radmin (Remote Administrator) Port 10002 - Possible GDI Compromise
  NASL family: Backdoors
  NASL id: RADMIN_PORT_10002.NASL
  description: The remote host is running radmin - a remote administration tool - on port 10002. This indicates that an attacker may have exploited one of the flaws described in MS04-028 with a widely available exploit. As a result, anyone may connect to the remote host and gain control by logging into the remote radmin server.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 14834
  published: 2004-09-28
  reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/14834
- title: MS04-028 Exploitation Backdoor Account Detection
  NASL family: Backdoors
  NASL id: SMB_LOGIN_AS_X.NASL
  description: It was possible to log into the remote host with the login
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 14818
  published: 2004-09-24
  reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/14818
Oval
description (identical in every definition below): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
- id: oval:org.mitre.oval:def:1105
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Server 2003)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-20T03:22:00.000-04:00
  accepted: 2006-01-04T08:04:00.000-04:00
  version: 65
  contributors: Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.)
- id: oval:org.mitre.oval:def:1721
  title: GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-24T04:32:00.000-04:00
  accepted: 2014-01-20T04:00:16.348-05:00
  version: 35
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); John Hoyland (Centennial Software); John Hoyland (Centennial Software); Maria Kedovskaya (ALTX-SOFT)
- id: oval:org.mitre.oval:def:2706
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Office 2003)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-24T12:00:00.000-04:00
  accepted: 2012-05-28T04:01:36.867-04:00
  version: 8
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Robert L. Hollis (ThreatGuard, Inc.); Jonathan Baker (The MITRE Corporation); Shane Shaffer (G2, Inc.)
  definition_extensions: comment "Microsoft Office 2003 is installed", oval oval:org.mitre.oval:def:233
- id: oval:org.mitre.oval:def:3038
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-27T12:00:00.000-04:00
  accepted: 2006-01-12T08:59:00.000-04:00
  version: 7
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.)
- id: oval:org.mitre.oval:def:3082
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-27T12:00:00.000-04:00
  accepted: 2006-01-12T08:59:00.000-04:00
  version: 8
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.)
- id: oval:org.mitre.oval:def:3320
  title: GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-27T12:00:00.000-04:00
  accepted: 2007-07-03T14:05:59.508-04:00
  version: 10
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Robert L. Hollis (ThreatGuard, Inc.)
  definition_extensions: comment "Microsoft Office Visio 2003 is installed", oval oval:org.mitre.oval:def:1450
- id: oval:org.mitre.oval:def:3810
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-24T12:00:00.000-04:00
  accepted: 2006-01-12T08:59:00.000-04:00
  version: 7
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.)
- id: oval:org.mitre.oval:def:3881
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-10-04T12:00:00.000-04:00
  accepted: 2006-01-12T08:59:00.000-04:00
  version: 7
  contributors: Ingrid Skoog (The MITRE Corporation); Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.)
- id: oval:org.mitre.oval:def:4003
  title: GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-20T03:32:00.000-04:00
  accepted: 2006-01-12T08:59:00.000-04:00
  version: 65
  contributors: Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.)
- id: oval:org.mitre.oval:def:4216
  title: GDI+ JPEG Parsing Engine Buffer Overflow (IE6)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-10-04T09:55:00.000-04:00
  accepted: 2014-02-24T04:03:18.221-05:00
  version: 11
  contributors: Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Robert L. Hollis (ThreatGuard, Inc.); Clifford Farrugia (GFI Software); Maria Mikhno (ALTX-SOFT)
- id: oval:org.mitre.oval:def:4307
  title: GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002)
  class: vulnerability
  family: windows
  status: accepted
  submitted: 2004-09-30T11:37:00.000-04:00
  accepted: 2014-01-20T04:01:19.269-05:00
  version: 34
  contributors: Ingrid Skoog (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); John Hoyland (Centennial Software); John Hoyland (Centennial Software); Maria Kedovskaya (ALTX-SOFT)
References
- http://marc.info/?l=bugtraq&m=109524346729948&w=2
- http://www.kb.cert.org/vuls/id/297462
- http://www.us-cert.gov/cas/techalerts/TA04-260A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16304
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307