Vulnerabilities > CVE-2007-5348 - Numeric Errors vulnerability in Microsoft products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

microsoft

CWE-189

critical

nessus

exploit available

NVD

Published: 2008-09-11

Updated: 2018-10-30

Summary

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Digital Image Suite 2006 Microsoft Forefront Client Security 1.0 Microsoft Internet Explorer 6 Microsoft Office 2003 Microsoft Office Xp Microsoft Office Powerpoint Viewer 2003 Microsoft Report Viewer 2005 Microsoft Report Viewer 2008 Microsoft Server 2008 Microsoft SQL Server 2005 Microsoft SQL Server Reporting Services 2000 Microsoft Visio 2002 Microsoft Works 8.0	14
OS	Microsoft Microsoft Office System * Microsoft Windows 2003_Server Microsoft Windows NT Vista Microsoft Windows NT Xp Microsoft Windows Vista - Microsoft Windows XP -	8

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	MS Internet Explorer GDI+ Proof of Concept (MS08-052). CVE-2007-5348. Dos exploit for windows platform
id	EDB-ID:6619
last seen	2016-02-01
modified	2008-09-28
published	2008-09-28
reporter	John Smith
source	https://www.exploit-db.com/download/6619/
title	Microsoft Internet Explorer GDI+ - Proof of Concept MS08-052

Nessus

NASL family	Windows
NASL id	SMB_KB954593.NASL
description	The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for the user to open it using an affected Microsoft application.
last seen	2020-06-01
modified	2020-06-02
plugin id	106298
published	2018-01-24
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106298
title	MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106298); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id( "CVE-2007-5348", "CVE-2008-3012", "CVE-2008-3013", "CVE-2008-3014", "CVE-2008-3015" ); script_bugtraq_id( 31018, 31019, 31020, 31021, 31022 ); script_xref(name:"MSFT", value:"MS08-052"); script_xref(name:"MSKB", value:"938464"); script_xref(name:"MSKB", value:"954326"); script_xref(name:"MSKB", value:"954478"); script_xref(name:"MSKB", value:"954479"); script_xref(name:"MSKB", value:"954606"); script_name(english:"MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)"); script_summary(english:"Checks the version of MSSQL"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple arbitrary execution flaws."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for the user to open it using an affected Microsoft application."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-052"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for SQL Server 2000 and 2005."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/24"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc."); script_dependencies("mssqlserver_detect.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports(1433, "Services/mssql"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); port = get_service(svc:"mssql", exit_on_fail:TRUE); ver = get_kb_item("MSSQL/" + port + "/Version"); if (!ver) audit(AUDIT_SERVICE_VER_FAIL,"MSSQL", port); v = split(ver, sep:".", keep:FALSE); for (i=0; i < max_index(v); i++) v[i] = int(v[i]); if (report_paranoia < 2) audit(AUDIT_PARANOID); pcidss = get_kb_item("Settings/PCI_DSS"); vuln = 0; if (pcidss && (v[0] == 8 && v[1] == 0 && v[2] < 534)) # 2000 < SP2 { vuln++; fix = "8.0.1062"; } else if (v[0] == 8 && v[1] == 0 && (v[2] >= 1038 && v[2] < 1062)) # 2000 SP2 { vuln++; fix = "8.0.1062"; } else if (pcidss && (v[0] == 9 && v[1] == 0 && v[2] < 3042)) # 2005 < SP2 { vuln++; fix = "9.0.3072"; } else if (v[0] == 9 && v[1] == 0 && (v[2] >= 3000 && v[2] < 3072)) # 2005 SP2 GDR { vuln++; fix = "9.0.3072"; } else if (v[0] == 9 && v[1] == 0 && (v[2] >= 3200 && v[2] < 3281)) { vuln++; fix = "9.0.3281"; } if(vuln > 0) { report = '\n Installed Version : ' + ver; report +='\n Fixed Version : ' + fix +'\n'; security_report_v4(severity:SECURITY_HOLE, port:port, extra:report); } else audit(AUDIT_INST_VER_NOT_VULN, "MSSQL", ver);

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS08-052.NASL
description	The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for him to open it using an affected Microsoft application.
last seen	2020-06-01
modified	2020-06-02
plugin id	34120
published	2008-09-10
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34120
title	MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(34120); script_version("1.40"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id( "CVE-2007-5348", "CVE-2008-3012", "CVE-2008-3013", "CVE-2008-3014", "CVE-2008-3015" ); script_bugtraq_id(31018, 31019, 31020, 31021, 31022); script_xref(name:"MSFT", value:"MS08-052"); script_xref(name:"MSKB", value:"938464"); script_xref(name:"MSKB", value:"954326"); script_xref(name:"MSKB", value:"954478"); script_xref(name:"MSKB", value:"954479"); script_xref(name:"MSKB", value:"954606"); script_name(english:"MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)"); script_summary(english:"Determines the presence of update 954593"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through the Microsoft GDI rendering engine."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for him to open it using an affected Microsoft application."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-052"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "mssql_version.nasl", "smb_nt_ms02-031.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS08-052'; kbs = make_list("938464", "954326", "954478", "954479", "954606"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); patched = 0; rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = ereg_replace(pattern:"^([A-Za-z]):.", replace:"\1$", string:rootfile); lastshare = share; accessibleshare = FALSE; path = ereg_replace(pattern:"^[A-Za-z]:(.)", replace:"\1", string:rootfile); login = kb_smb_login(); pass = kb_smb_password(); domain = kb_smb_domain(); port = kb_smb_transport(); if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init"); r = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (r != 1) { NetUseDel(); audit(AUDIT_SHARE_FAIL, share); } accessibleshare = TRUE; paths = make_list ( "\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac", "\WinSxS\Policies\amd64_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_AE43B2CC" ); foreach spath (paths) { spath = path + spath; handle = CreateFile (file:spath, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_DIRECTORY, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING); if ( ! isnull(handle) ) { patched++; CloseFile(handle:handle); break; } } NetUseDel(); vuln = 0; office_versions = hotfix_check_office_version (); visio_versions = get_kb_item("SMB/Office/Visio/*/VisioPath"); cdir = hotfix_get_commonfilesdir(); if (is_accessible_share()) { if (hotfix_check_sp(win2k:6, xp:4, win2003:3, vista:2) > 0) { kb = '938464'; # Windows 2000, XP, 2003, Vista, 2008 and IE 6 if ( !patched && ( hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"5.2.6000.16683", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"5.2.6000.20826", min_version:"5.2.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"6.0.6000.16683", min_version:"6.0.6000.0", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"6.0.6000.20826", min_version:"6.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"5.2.6001.18065", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"5.2.6001.22170", min_version:"5.2.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"6.0.6001.18065", min_version:"6.0.6001.0", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"6.0.6001.22170", min_version:"6.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:1, file:"Gdiplus.dll", version:"5.2.3790.3126", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:2, file:"Gdiplus.dll", version:"5.2.3790.4278", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Gdiplus.dll", version:"5.1.3102.3352", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:3, file:"Gdiplus.dll", version:"5.1.3102.5581", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Gdiplus.dll", version:"5.1.3102.3352", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Vgx.dll", version:"6.0.2800.1612", min_version:"6.0.0.0", dir:"\Microsoft Shared\VGX", path:cdir, bulletin:bulletin, kb:kb) ) ) { vuln++; } } } # Office 2003 if (office_versions["11.0"]) { path = hotfix_get_officeprogramfilesdir(officever:"11.0") + "\Microsoft Office\OFFICE11"; share = hotfix_path2share(path:path); if (share != lastshare \|\| !accessibleshare) { lastshare = share; if (is_accessible_share(share:share)) accessibleshare = TRUE; } if (accessibleshare) { if ( hotfix_check_fversion(file:"Gdiplus.dll", version:"11.0.8230.0", path:path, bulletin:bulletin, kb:'954478') == HCF_OLDER ) { vuln++; } } } # Office 2007 if (office_versions["12.0"]) { path = hotfix_get_commonfilesdir() + "\Microsoft Shared\OFFICE12"; share = hotfix_path2share(path:path); if (share != lastshare \|\| !accessibleshare) { lastshare = share; if (is_accessible_share(share:share)) accesibleshare = TRUE; } if (accessibleshare) { if ( hotfix_check_fversion(file:"Ogl.dll", version:"12.0.6325.5000", path:path, bulletin:bulletin, kb:'954326') == HCF_OLDER ) { vuln++; } } } # Visio 2002 foreach visio_version (keys(visio_versions)) { if ("10.0" >< visio_version) { path = hotfix_get_commonfilesdir() + "\Microsoft Shared\OFFICE10"; share = hotfix_path2share(path:path); if (share != lastshare \|\| !accessibleshare) { lastshare = share; if (is_accessible_share(share:share)) accessibleshare = TRUE; } if (accessibleshare) { if ( hotfix_check_fversion(file:"Mso.dll", version:"10.0.6844.0", path:path, bulletin:bulletin, kb:'954479') == HCF_OLDER ) { vuln++; } } break; } } # SQL server 2005 kb = '954606'; if ( ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3073.0", min_version:"2005.90.3000.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) \|\| ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3282.0", min_version:"2005.90.3200.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ) { vuln++; } hotfix_check_fversion_end(); if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); exit(0); } else audit(AUDIT_HOST_NOT, 'affected');

Oval

accepted

2014-06-30T04:11:14.006-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Todd Dolinsky
organization Hewlett-Packard
name Mike Lah
organization The MITRE Corporation
name Mike Lah
organization The MITRE Corporation
name Pradeep R B
organization SecPod Technologies
name Dragos Prisaca
organization Symantec Corporation
name Josh Turpin
organization Symantec Corporation
name Shane Shaffer
organization G2, Inc.
name Sharath S
organization SecPod Technologies
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Internet Explorer 6 is installed
oval oval:org.mitre.oval:def:563
comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
comment Microsoft Windows XP (x86) SP2 is installed
oval oval:org.mitre.oval:def:754
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows XP x64 Edition SP2 is installed
oval oval:org.mitre.oval:def:4193
comment Microsoft Windows Server 2003 SP2 (x64) is installed
oval oval:org.mitre.oval:def:2161
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565
comment Microsoft Windows XP Professional x64 Edition SP1 is installed
oval oval:org.mitre.oval:def:720
comment Microsoft Windows Server 2003 SP1 (x64) is installed
oval oval:org.mitre.oval:def:4386
comment Microsoft Windows Server 2003 SP1 for Itanium is installed
oval oval:org.mitre.oval:def:1205
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
oval oval:org.mitre.oval:def:4873
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
oval oval:org.mitre.oval:def:5254
comment Microsoft Office XP is installed
oval oval:org.mitre.oval:def:663
comment Microsoft Office 2003 is installed
oval oval:org.mitre.oval:def:233
comment Microsoft Office 2007 is installed
oval oval:org.mitre.oval:def:1211
comment Microsoft Office Visio 2002 SP2 is installed
oval oval:org.mitre.oval:def:692
comment Microsoft PowerPoint Viewer is installed
oval oval:org.mitre.oval:def:6014
comment Microsoft SQL Server 2005 is installed
oval oval:org.mitre.oval:def:6082
comment Microsoft SQL Server 2005 SP2 is installed
oval oval:org.mitre.oval:def:8397

description

family

windows

oval:org.mitre.oval:def:6055

status

accepted

submitted

2008-09-09T13:58:00

title

GDI+ VML Buffer Overrun Vulnerability

version

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 31018 CVE ID：CVE-2007-5348 CNCVE ID：CNCVE-20085348 Microsoft Windows是一款微软开发的操作系统。 Microsoft Windows GDI+库不正确处理梯度大小，远程攻击者可以利用漏洞进行基于堆的缓冲区溢出，可导致任意代码执行。 GDI+库处理内存分配时存在错误，部分畸形的梯度填充输入可导致应用程序破坏堆，允许任意代码执行。攻击者必须诱使用户使用受此GDI+函数影响的应用程序来渲染文档，可通过链接，文档查看，EMAIL消息来触发。 iDefense Labs证实此漏洞影响Microsoft Windows XP SP2平台上的Internet Explorer 7 和Internet Explorer 6，如下的VGX.DLL版本受影响： 7.00.6000.20628 7.00.6000.16386 6.00.2900.3051 6.00.2900.2997 虽然VGX.DLL(处理VML)是漏洞的主要因素，但是Microsoft指出GdiPlus.dll是此漏洞的根源，在测试过程中中使用了GdiPlus.dll 5.1.3102.2180版本。 Microsoft Works 8.0 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista x64 Edition 0 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Ultimate 64-bit edition 0 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition 0 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition 0 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition 0 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition 0 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate Microsoft Windows Vista SP1 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise Microsoft Windows Vista Business SP1 Microsoft Windows Vista Business Microsoft Windows Vista 0 Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Visual Studio 2003 Viewer Microsoft Visio 2002 Professional SP2 Microsoft Visio 2002 SP2 Microsoft Visio 2002 SP1 Microsoft Visio 2002 Microsoft SQL Server 2005 x64 Edition SP2 Microsoft SQL Server 2005 x64 Edition SP1 Microsoft SQL Server 2005 Itanium Edition SP2 Microsoft SQL Server 2005 Itanium Edition SP1 Microsoft SQL Server 2005 Itanium Edition 0 Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2 Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1 Microsoft SQL Server 2005 Express Edition SP2 Microsoft SQL Server 2005 Express Edition SP1 Microsoft SQL Server 2005 Express Edition 0 Microsoft SQL Server 2005 SP2 Microsoft SQL Server 2005 SP1 Microsoft SQL Server 2005 0 Microsoft SQL Server 2000 Reporting Services SP2 Microsoft Report Viewer 2008 0 Microsoft Report Viewer 2005 SP1 Microsoft Office XP SP3 + Microsoft Excel 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft Publisher 2002 SP3 Microsoft Office XP SP2 Microsoft Office XP SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office XP - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2007 SP1 Microsoft Office 2007 0 Microsoft Office 2003 SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2003 0 + Microsoft Excel 2003 + Microsoft FrontPage 2003 + Microsoft InfoPath 2003 + Microsoft OneNote 2003 0 + Microsoft Outlook 2003 0 + Microsoft PowerPoint 2003 0 + Microsoft Publisher 2003 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Professional Microsoft Forefront Client Security 1.0 Microsoft Digital Image Suite 2006 3DM Software Disk Management Software SP2 3DM Software Disk Management Software SP1 <a href=http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx</a>
id	SSV:4022
last seen	2017-11-19
modified	2008-09-11
published	2008-09-11
reporter	Root
title	Microsoft GDI+ VML基于堆的缓冲区溢出漏洞（MS08-052）

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Nessus

Oval

Seebug

References