CVE-2004-0200
Last modified
CVE-2004-0200 is a vulnerability of currently unknown severity. Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.. EPSS estimates a 49.02% chance of exploitation in the next 30 days.
Description
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | .Net Framework | 1.0 | Sp2 |
| Microsoft | Digital Image Pro | 7.0 | — |
| Microsoft | Digital Image Pro | 9 | — |
| Microsoft | Digital Image Suite | 9 | — |
| Microsoft | Excel | 2002 | — |
| Microsoft | Excel | 2003 | — |
| Microsoft | Frontpage | 2002 | — |
| Microsoft | Frontpage | 2003 | — |
| Microsoft | Greetings | 2002 | — |
| Microsoft | Infopath | 2003 | — |
| Microsoft | Office | 2003 | — |
| Microsoft | Office | xp | Sp3 |
| Microsoft | Onenote | 2003 | — |
| Microsoft | Outlook | 2002 | — |
| Microsoft | Outlook | 2003 | — |
| Microsoft | Picture It | 7.0 | — |
| Microsoft | Picture It | 9 | — |
| Microsoft | Picture It | 2002 | — |
| Microsoft | Powerpoint | 2002 | — |
| Microsoft | Powerpoint | 2003 | — |
| Microsoft | Producer | All versions | Gold |
| Microsoft | Project | 2002 | Sp1 |
| Microsoft | Project | 2003 | — |
| Microsoft | Publisher | 2002 | — |
| Microsoft | Publisher | 2003 | — |
| Microsoft | Visio | 2002 | Sp2 |
| Microsoft | Visio | 2003 | — |
| Microsoft | Visual Basic | 2002 | — |
| Microsoft | Visual Basic | 2003 | — |
| Microsoft | Visual C\# | 2002 | — |
| Microsoft | Visual C\# | 2003 | — |
| Microsoft | Visual C\+\+ | 2002 | — |
| Microsoft | Visual C\+\+ | 2003 | — |
| Microsoft | Visual J\# .Net | 2003 | — |
| Microsoft | Visual Studio .Net | 2002 | Gold |
| Microsoft | Visual Studio .Net | 2003 | Gold |
| Microsoft | Word | 2002 | — |
| Microsoft | Word | 2003 | — |
| Microsoft | Windows 2003 Server | r2 | — |
| Microsoft | Windows Xp | All versions | — |
References
- http://www.kb.cert.org/vuls/id/297462US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA04-260A.htmlUS Government Resource
- http://www.kb.cert.org/vuls/id/297462US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA04-260A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-0200?
How severe is CVE-2004-0200?
How do I fix CVE-2004-0200?
Are you affected by CVE-2004-0200?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST