CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3015

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile1.76th
PublishedSep 11, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Digital Image Suite

= 2006
πŸ“¦
Microsoft

Forefront Client Security

= 1.0
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office Powerpoint Viewer

= 2003
πŸ“¦
Microsoft

Report Viewer

= 2005
πŸ“¦
Microsoft

Report Viewer

= 2008
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server Reporting Services

= 2000
πŸ“¦
Microsoft

Visio

= 2002
πŸ“¦
Microsoft

Works

= 8.0

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=122235754013992&w=2
πŸ”— http://secunia.com/advisories/32154
πŸ”— http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
πŸ”— http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt
πŸ”— http://www.securityfocus.com/archive/1/496153/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/31022
πŸ”— http://www.securitytracker.com/id?1020838
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-253A.html

Related Vulnerabilities

CVE-2007-53489.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1...

CVE-2008-30149.3

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist...

CVE-2008-30129.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...

CVE-2008-30139.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...