Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2008-3015
HistorySep 11, 2008 - 1:11 a.m.

CVE-2008-3015

2008-09-1101:11:47
CWE-189
microsoft
web.nvd.nist.gov
54
cve-2008-3015
integer overflow
gdiplus.dll
microsoft office
buffer overflow
nvd
vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.496

Percentile

97.5%

JSON

Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka β€œGDI+ BMP Integer Overflow Vulnerability.”

Affected configurations

Nvd
Node
microsoftdigital_image_suiteMatch2006
OR
microsoftforefront_client_securityMatch1.0
OR
microsoftofficeMatch2003sp2
OR
microsoftofficeMatch2003sp3
OR
microsoftofficeMatch2007gold
OR
microsoftofficeMatch2007sp1
OR
microsoftofficeMatchxpsp3
OR
microsoftoffice_powerpoint_viewerMatch2003
OR
microsoftreport_viewerMatch2005sp1
OR
microsoftreport_viewerMatch2008
OR
microsoftsql_serverMatch2005sp2
OR
microsoftsql_server_reporting_servicesMatch2000sp2
OR
microsoftvisioMatch2002sp2
OR
microsoftworksMatch8.0
VendorProductVersionCPE
microsoftdigital_image_suite2006cpe:2.3:a:microsoft:digital_image_suite:2006:*:*:*:*:*:*:*
microsoftforefront_client_security1.0cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:*:gold:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
microsoftoffice_powerpoint_viewer2003cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*
microsoftreport_viewer2005cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*
microsoftreport_viewer2008cpe:2.3:a:microsoft:report_viewer:2008:*:*:*:*:*:*:*
Rows per page:
1-10 of 141

Related

prion 1
zdi 1
checkpoint_advisories 2
cvelist 1
securityvulns 3
seebug 1
nvd 1
nessus 2
openvas 2
mskb 1
prion
prion
Integer overflow
2008-09-11 01:11:00
zdi
zdi
Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
2008-09-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052) - Ver2 (CVE-2008-3015)
2015-05-18 00:00:00
Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052; CVE-2004-0904; CVE-2008-3015)
2008-09-09 00:00:00
cvelist
cvelist
CVE-2008-3015
2008-09-10 15:00:00
securityvulns
securityvulns
ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
2008-09-10 00:00:00
Microsoft Windows GDI library multiple security vulnerabilities
2008-09-10 00:00:00
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
2008-09-10 00:00:00
seebug
seebug
Microsoft GDI+ BMPζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄žοΌˆMS08-052οΌ‰
2008-09-11 00:00:00
nvd
nvd
CVE-2008-3015
2008-09-11 01:11:47
nessus
nessus
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
2008-09-10 00:00:00
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)
2018-01-24 00:00:00
openvas
openvas
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2011-01-18 00:00:00
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2011-01-18 00:00:00
mskb
mskb
KB954593 - MS08-052: Vulnerabilities in GDI+ could allow remote code execution
2020-10-20 07:12:22

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.496

Percentile

97.5%

JSON
Related for CVE-2008-3015
prion1zdi1checkpoint_advisories2cvelist1securityvulns3seebug1nvd1nessus2openvas2mskb1