CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2500

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile1.69th
PublishedOct 14, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ“¦
Microsoft

.net Framework

= 1.1
πŸ“¦
Microsoft

.net Framework

= 2.0
πŸ“¦
Microsoft

.net Framework

= 2.0
πŸ“¦
Microsoft

Internet Explorer

= 6
πŸ“¦
Microsoft

Report Viewer

= 2005
πŸ“¦
Microsoft

Report Viewer

= 2008
πŸ“¦
Microsoft

Report Viewer

= 2008
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server

= 2005
πŸ“¦
Microsoft

Sql Server Reporting Services

= 2000
πŸ“¦
Microsoft

Excel Viewer

= 2003
πŸ“¦
Microsoft

Excel Viewer

= 2003
πŸ“¦
Microsoft

Expression Web

All versions
πŸ“¦
Microsoft

Expression Web

= 2
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office Compatibility Pack

= 2007
πŸ“¦
Microsoft

Office Compatibility Pack

= 2007
πŸ“¦
Microsoft

Office Excel Viewer

All versions
πŸ“¦
Microsoft

Office Groove

= 2007
πŸ“¦
Microsoft

Office Groove

= 2007
πŸ“¦
Microsoft

Office Powerpoint Viewer

All versions
πŸ“¦
Microsoft

Office Powerpoint Viewer

= 2007
πŸ“¦
Microsoft

Office Powerpoint Viewer

= 2007
πŸ“¦
Microsoft

Office Word Viewer

All versions
πŸ“¦
Microsoft

Project

= 2002
πŸ“¦
Microsoft

Visio

= 2002
πŸ“¦
Microsoft

Word Viewer

= 2003
πŸ“¦
Microsoft

Word Viewer

= 2003
πŸ“¦
Microsoft

Works

= 8.5
πŸ“¦
Microsoft

Platform Sdk

All versions
πŸ“¦
Microsoft

Visual Studio

= 2008
πŸ“¦
Microsoft

Visual Studio

= 2008
πŸ“¦
Microsoft

Visual Studio .net

= 2003
πŸ“¦
Microsoft

Visual Studio .net

= 2005
πŸ“¦
Microsoft

Forefront Client Security

= 1.0
πŸ“¦
Microsoft

Visual Foxpro

= 8.0
πŸ“¦
Microsoft

Visual Foxpro

= 9.0

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-286A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-286A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967

Related Vulnerabilities

CVE-2004-042010.0

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows ...

CVE-2004-020110.0

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Serve...

CVE-2003-114210.0

Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users t...

CVE-2004-020910.0

Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 al...