Vulnerabilities > CVE-2008-3014 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Summary
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Windows NASL id SMB_KB954593.NASL description The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for the user to open it using an affected Microsoft application. last seen 2020-06-01 modified 2020-06-02 plugin id 106298 published 2018-01-24 reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/106298 title MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106298); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id( "CVE-2007-5348", "CVE-2008-3012", "CVE-2008-3013", "CVE-2008-3014", "CVE-2008-3015" ); script_bugtraq_id( 31018, 31019, 31020, 31021, 31022 ); script_xref(name:"MSFT", value:"MS08-052"); script_xref(name:"MSKB", value:"938464"); script_xref(name:"MSKB", value:"954326"); script_xref(name:"MSKB", value:"954478"); script_xref(name:"MSKB", value:"954479"); script_xref(name:"MSKB", value:"954606"); script_name(english:"MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)"); script_summary(english:"Checks the version of MSSQL"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple arbitrary execution flaws."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for the user to open it using an affected Microsoft application."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-052"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for SQL Server 2000 and 2005."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/24"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc."); script_dependencies("mssqlserver_detect.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports(1433, "Services/mssql"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); port = get_service(svc:"mssql", exit_on_fail:TRUE); ver = get_kb_item("MSSQL/" + port + "/Version"); if (!ver) audit(AUDIT_SERVICE_VER_FAIL,"MSSQL", port); v = split(ver, sep:".", keep:FALSE); for (i=0; i < max_index(v); i++) v[i] = int(v[i]); if (report_paranoia < 2) audit(AUDIT_PARANOID); pcidss = get_kb_item("Settings/PCI_DSS"); vuln = 0; if (pcidss && (v[0] == 8 && v[1] == 0 && v[2] < 534)) # 2000 < SP2 { vuln++; fix = "8.0.1062"; } else if (v[0] == 8 && v[1] == 0 && (v[2] >= 1038 && v[2] < 1062)) # 2000 SP2 { vuln++; fix = "8.0.1062"; } else if (pcidss && (v[0] == 9 && v[1] == 0 && v[2] < 3042)) # 2005 < SP2 { vuln++; fix = "9.0.3072"; } else if (v[0] == 9 && v[1] == 0 && (v[2] >= 3000 && v[2] < 3072)) # 2005 SP2 GDR { vuln++; fix = "9.0.3072"; } else if (v[0] == 9 && v[1] == 0 && (v[2] >= 3200 && v[2] < 3281)) { vuln++; fix = "9.0.3281"; } if(vuln > 0) { report = '\n Installed Version : ' + ver; report +='\n Fixed Version : ' + fix +'\n'; security_report_v4(severity:SECURITY_HOLE, port:port, extra:report); } else audit(AUDIT_INST_VER_NOT_VULN, "MSSQL", ver);
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS08-052.NASL description The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for him to open it using an affected Microsoft application. last seen 2020-06-01 modified 2020-06-02 plugin id 34120 published 2008-09-10 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34120 title MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(34120); script_version("1.40"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id( "CVE-2007-5348", "CVE-2008-3012", "CVE-2008-3013", "CVE-2008-3014", "CVE-2008-3015" ); script_bugtraq_id(31018, 31019, 31020, 31021, 31022); script_xref(name:"MSFT", value:"MS08-052"); script_xref(name:"MSKB", value:"938464"); script_xref(name:"MSKB", value:"954326"); script_xref(name:"MSKB", value:"954478"); script_xref(name:"MSKB", value:"954479"); script_xref(name:"MSKB", value:"954606"); script_name(english:"MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)"); script_summary(english:"Determines the presence of update 954593"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through the Microsoft GDI rendering engine."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for him to open it using an affected Microsoft application."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-052"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "mssql_version.nasl", "smb_nt_ms02-031.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS08-052'; kbs = make_list("938464", "954326", "954478", "954479", "954606"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); patched = 0; rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:rootfile); lastshare = share; accessibleshare = FALSE; path = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1", string:rootfile); login = kb_smb_login(); pass = kb_smb_password(); domain = kb_smb_domain(); port = kb_smb_transport(); if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init"); r = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (r != 1) { NetUseDel(); audit(AUDIT_SHARE_FAIL, share); } accessibleshare = TRUE; paths = make_list ( "\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac", "\WinSxS\Policies\amd64_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_AE43B2CC" ); foreach spath (paths) { spath = path + spath; handle = CreateFile (file:spath, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_DIRECTORY, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING); if ( ! isnull(handle) ) { patched++; CloseFile(handle:handle); break; } } NetUseDel(); vuln = 0; office_versions = hotfix_check_office_version (); visio_versions = get_kb_item("SMB/Office/Visio/*/VisioPath"); cdir = hotfix_get_commonfilesdir(); if (is_accessible_share()) { if (hotfix_check_sp(win2k:6, xp:4, win2003:3, vista:2) > 0) { kb = '938464'; # Windows 2000, XP, 2003, Vista, 2008 and IE 6 if ( !patched && ( hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"5.2.6000.16683", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"5.2.6000.20826", min_version:"5.2.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"6.0.6000.16683", min_version:"6.0.6000.0", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Gdiplus.dll", version:"6.0.6000.20826", min_version:"6.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"5.2.6001.18065", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"5.2.6001.22170", min_version:"5.2.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"6.0.6001.18065", min_version:"6.0.6001.0", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Gdiplus.dll", version:"6.0.6001.22170", min_version:"6.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.2", sp:1, file:"Gdiplus.dll", version:"5.2.3790.3126", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.2", sp:2, file:"Gdiplus.dll", version:"5.2.3790.4278", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Gdiplus.dll", version:"5.1.3102.3352", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.1", sp:3, file:"Gdiplus.dll", version:"5.1.3102.5581", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.0", file:"Gdiplus.dll", version:"5.1.3102.3352", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.0", file:"Vgx.dll", version:"6.0.2800.1612", min_version:"6.0.0.0", dir:"\Microsoft Shared\VGX", path:cdir, bulletin:bulletin, kb:kb) ) ) { vuln++; } } } # Office 2003 if (office_versions["11.0"]) { path = hotfix_get_officeprogramfilesdir(officever:"11.0") + "\Microsoft Office\OFFICE11"; share = hotfix_path2share(path:path); if (share != lastshare || !accessibleshare) { lastshare = share; if (is_accessible_share(share:share)) accessibleshare = TRUE; } if (accessibleshare) { if ( hotfix_check_fversion(file:"Gdiplus.dll", version:"11.0.8230.0", path:path, bulletin:bulletin, kb:'954478') == HCF_OLDER ) { vuln++; } } } # Office 2007 if (office_versions["12.0"]) { path = hotfix_get_commonfilesdir() + "\Microsoft Shared\OFFICE12"; share = hotfix_path2share(path:path); if (share != lastshare || !accessibleshare) { lastshare = share; if (is_accessible_share(share:share)) accesibleshare = TRUE; } if (accessibleshare) { if ( hotfix_check_fversion(file:"Ogl.dll", version:"12.0.6325.5000", path:path, bulletin:bulletin, kb:'954326') == HCF_OLDER ) { vuln++; } } } # Visio 2002 foreach visio_version (keys(visio_versions)) { if ("10.0" >< visio_version) { path = hotfix_get_commonfilesdir() + "\Microsoft Shared\OFFICE10"; share = hotfix_path2share(path:path); if (share != lastshare || !accessibleshare) { lastshare = share; if (is_accessible_share(share:share)) accessibleshare = TRUE; } if (accessibleshare) { if ( hotfix_check_fversion(file:"Mso.dll", version:"10.0.6844.0", path:path, bulletin:bulletin, kb:'954479') == HCF_OLDER ) { vuln++; } } break; } } # SQL server 2005 kb = '954606'; if ( ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3073.0", min_version:"2005.90.3000.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) || ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3282.0", min_version:"2005.90.3200.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ) { vuln++; } hotfix_check_fversion_end(); if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); exit(0); } else audit(AUDIT_HOST_NOT, 'affected');
Oval
accepted | 2014-06-30T04:11:12.309-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:6004 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2008-09-09T13:58:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | GDI+ WMF Buffer Overrun Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 66 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 31021 CVE ID:CVE-2008-3014 CNCVE ID:CNCVE-20083014 Microsoft Windows是一款微软开发的操作系统。 Microsoft Windows GDI+子系统解析特殊构建的WMF文件存在问题,远程攻击者可以利用漏洞进行内存破坏,可导致以登录用户进程权限执行任意代码。 处理WMF图像文件时由于GDI+分配内存存在错误,构建特殊的WMF文件,诱使用户访问,可触发此漏洞。 Microsoft Works 8.0 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Gold 0 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista x64 Edition 0 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Ultimate 64-bit edition 0 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition 0 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition 0 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition 0 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition 0 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate Microsoft Windows Vista SP1 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise Microsoft Windows Vista Business SP1 Microsoft Windows Vista Business Microsoft Windows Vista 0 Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2008 Datacenter Edition 0 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Visual Studio 2003 Viewer Microsoft Visio 2002 Standard SP2 Microsoft Visio 2002 Professional SP2 Microsoft Visio 2002 SP2 Microsoft Visio 2002 SP1 Microsoft Visio 2002 Microsoft SQL Server 2005 x64 Edition SP2 Microsoft SQL Server 2005 x64 Edition SP1 Microsoft SQL Server 2005 Itanium Edition SP2 Microsoft SQL Server 2005 Itanium Edition SP1 Microsoft SQL Server 2005 Itanium Edition 0 Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2 Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1 Microsoft SQL Server 2005 Express Edition SP2 Microsoft SQL Server 2005 Express Edition SP1 Microsoft SQL Server 2005 Express Edition 0 Microsoft SQL Server 2005 SP2 Microsoft SQL Server 2005 SP1 Microsoft SQL Server 2005 0 Microsoft SQL Server 2000 Reporting Services SP2 Microsoft Report Viewer 2008 0 Microsoft Report Viewer 2005 SP1 Microsoft Office XP SP3 + Microsoft Excel 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft Publisher 2002 SP3 Microsoft Office XP SP2 Microsoft Office XP SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office XP - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2007 SP1 Microsoft Office 2007 0 Microsoft Office 2003 SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2003 0 + Microsoft Excel 2003 + Microsoft FrontPage 2003 + Microsoft InfoPath 2003 + Microsoft OneNote 2003 0 + Microsoft Outlook 2003 0 + Microsoft PowerPoint 2003 0 + Microsoft Publisher 2003 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Professional Microsoft Forefront Client Security 1.0 Microsoft Digital Image Suite 2006 3DM Software Disk Management Software SP2 3DM Software Disk Management Software SP1 临时解决方案可参考如下: -限制对gdiplus.dll的访问 1,在管理员命令行中运行如下命令: for /F "tokens=*" %G IN ('dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll') DO cacls %G /E /P everyone:N for /F "tokens=*" %G IN ('dir /b /s %windir%\winsxs\gdiplus.dll') DO cacls %G /E /P everyone:N for /F "tokens=*" %G IN ('dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"') DO cacls %G /E /P everyone:N for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles^(86^)%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /P everyone:N cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /P everyone:N cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /P everyone:N cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /P everyone:N cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /P everyone:N cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /P everyone:N cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /P everyone:N cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /P everyone:N cacls "%programfiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VGX\vgx.dll" /E /P everyone:N 2,重新启动 怎样恢复刚才的临时解决方案: 1,在管理员命令行中运行如下命令: for /F "tokens=*" %G IN ('dir /b /s %windir%\Microsoft.NET\Framework\gdiplus.dll') DO cacls %G /E /R everyone for /F "tokens=*" %G IN ('dir /b /s %windir%\winsxs\gdiplus.dll') DO cacls %G /E /R everyone for /F "tokens=*" %G IN ('dir /b /s ^"%windir%\Downloaded Program Files\gdiplus.dll^"') DO cacls %G /E /R everyone for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /R everyone for /F "tokens=*" %G IN ('dir /b /s ^"%programfiles^(86^)%\microsoft office\gdiplus.dll^"') DO cacls "%G" /E /R everyone cacls "%programfiles%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone cacls "%programfiles(x86)%\Common Files\Microsoft Shared\VFP\gdiplus.dll" /E /R everyone cacls "%programfiles%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone cacls "%programfiles(x86)%\Microsoft Visual FoxPro 8\gdiplus.dll" /E /R everyone cacls "%programfiles%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone cacls "%programfiles(x86)%\Microsoft Visual FoxPro 9\gdiplus.dll" /E /R everyone cacls "%programfiles%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone cacls "%programfiles(x86)%\Microsoft Digital Image 2006\gdiplus.dll" /E /R everyone cacls "%programfiles%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone cacls "%programfiles(x86)%\Common Files\Microsoft shared\Works Shared\gdiplus.dll" /E /R everyone cacls "%programfiles%\Microsoft Works\gdiplus.dll" /E /R everyone cacls "%programfiles(x86)%\Microsoft Works\gdiplus.dll" /E /R everyone cacls "%programfiles%\ Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone cacls "%programfiles(x86)%\ Common Files\Microsoft Shared\VGX\vgx.dll" /E /R everyone -反注册vgx.dll 1,点击‘开始’,点‘运行’,输入"%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll",然后点击’确定‘。 2,出现证实反注册处理成功的对话框后,点击’确定‘。 怎样恢复刚才的临时解决方案: 1,点击‘开始’,点‘运行’,输入"%SystemRoot%\System32\regsvr32.exe" "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll",然后点击’确定‘。 2,出现证实注册处理成功的对话框后,点击’确定‘。 3,重新启动 -编辑注册表防止RSClientPrint中Internet Explorer运行: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA91DF8D-53AB-455D-AB20-F2F023E498D3}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FA91DF8D-53AB-455D-AB20-F2F023E498D3}] "Compatibility Flags"=dword:00000400 把如上内容粘贴到记事本并以.reg文件扩展名保存,并双击。 参考如下补丁程序: Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows XP Media Center Edition SP2 Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en Microsoft Windows Vista Home Premium 64-bit edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Digital Image Suite 2006 Microsoft Vulnerabilities in Digital Image 2006 using GDI+ Could Allow Remote Code Execution (KB955992) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=04afd760-8173</a> -4069-9e82-d3bf053d9eae&displaylang=en Microsoft SQL Server 2005 Itanium Edition SP2 Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323</a> -4ADB-9721-61E1C0CFD213&displaylang=en Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468</a> -4ADB-B945-2ED0458B8F47&displaylang=en Microsoft Report Viewer 2005 SP1 Microsoft Microsoft Report Viewer Redistributable 2005 Service Pack 1 <a href=http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=82833F27-081D</a> -4B72-83EF-2836360A904D&displaylang=en Microsoft Windows Server 2003 Itanium SP1 Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4</a> -40d7-8cfc-73ae6bd6dfad&displaylang=en Microsoft Windows Server 2003 Itanium 0 Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4</a> -40d7-8cfc-73ae6bd6dfad&displaylang=en Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4</a> -40d7-8cfc-73ae6bd6dfad&displaylang=en Microsoft Windows Vista x64 Edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Security Update for Windows Server 2003 x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62</a> -47e5-8f0c-b720b957999a&displaylang=en Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Office XP SP1 Microsoft Security Update for Microsoft Office XP (KB953405) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17</a> -4500-9da4-a3bba97fda6d&displaylang=en Microsoft Security Update for Microsoft Office XP (KB953405) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17</a> -4500-9da4-a3bba97fda6d Microsoft SQL Server 2005 SP2 Microsoft Search Advanced Search Security Update for SQL Server 2005 Service Pack 2 (KB954606) Brief Descrip <a href=http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468</a> -4ADB-B945-2ED0458B8F47&displaylang=en Microsoft Security Update for SQL Server 2005 QFE Service Pack 2 (KB954607) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=5148B887-F323</a> -4ADB-9721-61E1C0CFD213&displaylang=en Microsoft Security Update for SQL Server 2005 Service Pack 2 (KB954606) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=4603C722-2468</a> -4ADB-B945-2ED0458B8F47&displaylang=en Microsoft Windows Vista Business 64-bit edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Vista Home Basic SP1 Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows XP Media Center Edition SP1 Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows XP Media Center Edition SP3 Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en Microsoft Office 2003 SP2 Microsoft Security Update for Office 2003 (KB954478) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721</a> -4bab-b485-5eede8d49eb8&displaylang=en Microsoft Report Viewer 2008 0 Microsoft Microsoft Report Viewer Redistributable 2008 <a href=http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=6AE0AA19-3E6C</a> -474C-9D57-05B2347456B1&displaylang=en Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4</a> -40d7-8cfc-73ae6bd6dfad&displaylang=en Microsoft Windows Server 2003 Web Edition SP2 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows Vista Home Premium Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows Server 2003 x64 SP1 Microsoft Security Update for Windows Server 2003 x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62</a> -47e5-8f0c-b720b957999a&displaylang=en Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Windows Vista Enterprise Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows XP Professional x64 Edition SP2 Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Internet Explorer 6.0 SP1 Microsoft Security Update for Windows 2000 (KB938464) - English <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=a860d2d9-653d target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=a860d2d9-653d</a> -4ddb-bbff-323d3ccdb866&displaylang=en Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Server 2003 Standard Edition Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows Vista Enterprise 64-bit edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Vista 0 Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows Vista Business Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows Server 2003 x64 SP2 Microsoft Security Update for Windows Server 2003 x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62</a> -47e5-8f0c-b720b957999a&displaylang=en Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Windows Vista x64 Edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft SQL Server 2000 Reporting Services SP2 Microsoft Security Update for SQL Server Reporting Services 2000 Service Pack 2 (KB954609) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=5F9E7F78-7439 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=5F9E7F78-7439</a> -414B-A9DC-A779B89427DB Microsoft Windows Vista Ultimate SP1 Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Office XP Microsoft Security Update for Microsoft Office XP (KB953405) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17</a> -4500-9da4-a3bba97fda6d&displaylang=en Microsoft Security Update for Microsoft Office XP (KB953405) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17</a> -4500-9da4-a3bba97fda6d Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Security Update for Windows Server 2003 x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62</a> -47e5-8f0c-b720b957999a&displaylang=en Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Windows XP Professional Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en Microsoft Internet Explorer 6.0 Microsoft Security Update for Windows 2000 (KB938464) - English <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=a860d2d9-653d target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=a860d2d9-653d</a> -4ddb-bbff-323d3ccdb866&displaylang=en Microsoft Windows XP 0 Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4</a> -40d7-8cfc-73ae6bd6dfad&displaylang=en Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Security Update for Windows Server 2003 x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=93f1451b-5b62</a> -47e5-8f0c-b720b957999a&displaylang=en Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Windows Vista Home Basic 64-bit edition 0 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows Vista SP1 Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Office XP SP3 Microsoft Security Update for Microsoft Office XP (KB953405) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17</a> -4500-9da4-a3bba97fda6d&displaylang=en Microsoft Security Update for Microsoft Office XP (KB953405) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ef3de64c-fc17</a> -4500-9da4-a3bba97fda6d Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Security Update for Windows Server 2008 x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=7f1e0f05-6c9d target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=7f1e0f05-6c9d</a> -4ad1-9b19-50ee4fa7bd7e&displaylang=en Microsoft Office 2003 0 Microsoft Security Update for Office 2003 (KB954478) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721</a> -4bab-b485-5eede8d49eb8&displaylang=en Microsoft Windows Vista Home Basic Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows Vista Business SP1 Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows Server 2003 Datacenter Edition Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows XP 64-bit Edition SP1 Microsoft Security Update for Windows XP x64 Edition (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=c5d26771-1f49</a> -4bbf-902c-bf92e527cadb&displaylang=en Microsoft Office 2003 SP3 Microsoft Security Update for Office 2003 (KB954478) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e9f8e309-d721</a> -4bab-b485-5eede8d49eb8&displaylang=en Microsoft Windows Vista Ultimate Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en 3DM Software Disk Management Software SP2 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows Vista Home Premium SP1 Microsoft Security Update for Windows Vista (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=16f3ad21-ed77</a> -4c32-93df-3b650b2b32a5&displaylang=en Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Server 2003 Enterprise Edition Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Forefront Client Security 1.0 Microsoft Microsoft Forefront Security v 1.0 MS08-052 (KB 957177) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=1EB1A79F-44CA</a> -499E-90BB-AC51894E9D1E&displaylang=en Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows XP Home SP2 Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en 3DM Software Disk Management Software SP1 Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows Server 2003 Itanium SP2 Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=14e99f8a-cdd4</a> -40d7-8cfc-73ae6bd6dfad&displaylang=en Microsoft Windows Server 2003 Web Edition Microsoft Security Update for Windows Server 2003 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=ac03f138-eca4</a> -46e1-9782-e811820e547f&displaylang=en Microsoft Windows XP Home Microsoft Security Update for Windows XP (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=e0bd6fbe-f46e</a> -4961-9a79-49ec77d39439&displaylang=en Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Security Update for Windows Vista for x64-based Systems (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=aa47d016-f5c9</a> -4586-8876-f1f4f255f54d&displaylang=en Microsoft Windows Server 2008 Standard Edition 0 Microsoft Security Update for Windows Server 2008 (KB938464) <a href=http://www.microsoft.com/downloads/details.aspx?familyid=23bd3be5-cc66 target=_blank>http://www.microsoft.com/downloads/details.aspx?familyid=23bd3be5-cc66</a> -46f8-9420-49d65d8afe1d&displaylang=en |
id | SSV:4019 |
last seen | 2017-11-19 |
modified | 2008-09-11 |
published | 2008-09-11 |
reporter | Root |
title | Microsoft GDI+ WMF文件远程代码执行漏洞(MS08-052) |
References
- http://marc.info/?l=bugtraq&m=122235754013992&w=2
- http://www.us-cert.gov/cas/techalerts/TA08-253A.html
- http://www.securitytracker.com/id?1020837
- http://www.securityfocus.com/bid/31021
- http://secunia.com/advisories/32154
- http://www.vupen.com/english/advisories/2008/2696
- http://www.vupen.com/english/advisories/2008/2520
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052