CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5348

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0820%
EPSS Percentile23.29th
PublishedSep 11, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Digital Image Suite

= 2006
πŸ“¦
Microsoft

Forefront Client Security

= 1.0
πŸ“¦
Microsoft

Internet Explorer

= 6
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office Powerpoint Viewer

= 2003
πŸ“¦
Microsoft

Report Viewer

= 2005
πŸ“¦
Microsoft

Report Viewer

= 2008
πŸ“¦
Microsoft

Server

= 2008
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server Reporting Services

= 2000
πŸ“¦
Microsoft

Visio

= 2002
πŸ“¦
Microsoft

Works

= 8.0
πŸ’»
Microsoft

Office System

All versions
πŸ’»
Microsoft

Office System

All versions
πŸ’»
Microsoft

Windows

= 2003_server
πŸ’»
Microsoft

Windows

= 2003_server
πŸ’»
Microsoft

Windows Nt

= vista
πŸ’»
Microsoft

Windows Nt

= xp
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Xp

All versions

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
πŸ”— http://marc.info/?l=bugtraq&m=122235754013992&w=2
πŸ”— http://secunia.com/advisories/32154
πŸ”— http://www.securityfocus.com/bid/31018
πŸ”— http://www.securitytracker.com/id?1020834
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-253A.html
πŸ”— http://www.vupen.com/english/advisories/2008/2520
πŸ”— http://www.vupen.com/english/advisories/2008/2696

Related Vulnerabilities

CVE-2008-30149.3

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist...

CVE-2008-30159.3

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and...

CVE-2008-30129.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...

CVE-2008-30139.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...