CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3014

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1890%
EPSS Percentile7.94th
PublishedSep 11, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Digital Image Suite

= 2006
πŸ“¦
Microsoft

Forefront Client Security

= 1.0
πŸ“¦
Microsoft

Internet Explorer

= 6
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office Powerpoint Viewer

= 2003
πŸ“¦
Microsoft

Report Viewer

= 2005
πŸ“¦
Microsoft

Report Viewer

= 2008
πŸ“¦
Microsoft

Server

= 2008
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server Reporting Services

= 2000
πŸ“¦
Microsoft

Visio

= 2002
πŸ“¦
Microsoft

Works

= 8.0
πŸ’»
Microsoft

Server

= 2003
πŸ’»
Microsoft

Server

= 2003
πŸ’»
Microsoft

Windows Nt

= vista
πŸ’»
Microsoft

Windows Nt

= xp
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Xp

All versions

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=122235754013992&w=2
πŸ”— http://secunia.com/advisories/32154
πŸ”— http://www.securityfocus.com/bid/31021
πŸ”— http://www.securitytracker.com/id?1020837
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-253A.html
πŸ”— http://www.vupen.com/english/advisories/2008/2520
πŸ”— http://www.vupen.com/english/advisories/2008/2696
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052

Related Vulnerabilities

CVE-2007-53489.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1...

CVE-2008-30159.3

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and...

CVE-2008-30129.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...

CVE-2008-30139.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...