Intrusion Prevention

MS.GDIPlus.JPEG.Buffer.Overflow

Description

This indicates an attempt to exploit a vulnerability in the Microsoft Graphics Device Interface plus (GDI+).
This vulnerability impacts on a variety of Microsoft operating systems and applications, including third-party programs. The problem is in the Graphics Device Interface plus (GDI+), which facilitates proper exhibition of two-dimensional graphics and special texts to video and printer drivers.
GDI+ contains a buffer overflow vulnerability in its handling of JPEG images. An attacker can exploit this through the use of a specially crafted image. If a user is tricked into processing a tainted image, the attacker can execute arbitrary code on the victim machine and can even compromise the entire system.
Related signatures
MS.GDIPlus.JPEG.BufferOverflow.A

Affected Products

Microsoft, InfoPath, 2003
Microsoft, OneNote, 2003
MicrosoftNET Framework, 1.0 SDK SP2
Microsoft, Digital Image Pro, 7.0
Microsoft, Digital Image Pro, 9
Microsoft, Digital Image Suite, 9
Microsoft, Excel, 2002
Microsoft, Excel, 2003
Microsoft, FrontPage, 2002
Microsoft, FrontPage, 2003
Microsoft, Greetings, 2002
Microsoft, Office, 2003
Microsoft, Office, XP SP3
Microsoft, Outlook, 2002
Microsoft, Outlook, 2003
Microsoft, Picture It!, 2002
Microsoft, Picture It!, 7.0
Microsoft, Picture It!, 9
Microsoft, PowerPoint, 2002
Microsoft, PowerPoint, 2003
Microsoft, Producer, for Office PowerPoint
Microsoft, Project, 2002 SP1
Microsoft, Project, 2003
Microsoft, Publisher, 2002
Microsoft, Publisher, 2003
Microsoft, Visio, 2002 SP2
Microsoft, Visio, 2003
Microsoft, Visual Basic .NET Standard, 2002
Microsoft, Visual Basic .NET Standard, 2003
Microsoft, Visual C# .NET Standard, 2002
Microsoft, Visual C# .NET Standard, 2003
Microsoft, Visual C++ .NET, 2002
Microsoft, Visual C++ .NET, 2003
Microsoft, Visual J# .NET Standard, 2003
Microsoft, Visual Studio .NET, 2002
Microsoft, Visual Studio .NET, 2003
Microsoft, Word, 2002
Microsoft, Word, 2003
Microsoft, Windows Server 2003
Microsoft, Windows XP, 64-bit Version 2003
Microsoft, Windows XP, 64-bit SP1
Microsoft, Windows XP
Microsoft, Windows XP, SP1

Impact

System compromise.

Recommended Actions

Apply appropriate patches from Microsoft or upgrade the system to the latest non-vulnerable version.

CVE References

CVE-2004-0200

Other References

1 1 1