Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-2518
HistoryOct 14, 2009 - 10:30 a.m.

CVE-2009-2518

2009-10-1410:30:01
CWE-189
[email protected]
web.nvd.nist.gov
37
cve-2009-2518
microsoft office
gdi+
integer overflow
remote code execution
memory corruption
vulnerability
nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.132 Low

EPSS

Percentile

95.6%

JSON

Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka β€œOffice BMP Integer Overflow Vulnerability.”

Affected configurations

NVD
Node
microsoftofficeMatchxpsp3
CPENameOperatorVersion
microsoft:officemicrosoft officeeqxp

Related

checkpoint_advisories 3
securityvulns 3
seebug 2
prion 1
cvelist 1
nvd 1
mskb 1
nessus 2
openvas 2
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft Office BMP Integer Overflow Vulnerability (MS09-062)
2009-10-13 00:00:00
Microsoft Office BMP Header biClrUsed Integer Overflow (MS09-062; CVE-2009-2518)
2010-02-03 00:00:00
Microsoft Office BMP Header biClrUsed Integer Overflow (MS09-062) - Ver2 (CVE-2009-2518)
2015-03-26 00:00:00
securityvulns
securityvulns
Secunia Research: Microsoft Office BMP Image Colour Handling Integer Overflow
2009-10-14 00:00:00
Microsoft GDI+ multiple security vulnerabilities
2009-10-14 00:00:00
Microsoft Security Bulletin MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
2009-10-14 00:00:00
seebug
seebug
Microsoft Office BMP Image Colour Handling Integer Overflow
2009-10-20 00:00:00
Microsoft GDI+εΊ“ε›Ύε½’ζ–‡δ»Άε€„η†ε€šδΈͺηΌ“ε†²εŒΊζΊ’ε‡Ίε’Œε†…ε­˜η ΄εζΌζ΄ž(MS09-062)
2009-10-20 00:00:00
prion
prion
Integer overflow
2009-10-14 10:30:00
cvelist
cvelist
CVE-2009-2518
2009-10-14 10:00:00
nvd
nvd
CVE-2009-2518
2009-10-14 10:30:01
mskb
mskb
KB957488 - MS09-062: Vulnerabilities in GDI+ could allow remote code execution
2020-10-20 07:11:43
nessus
nessus
MS09-062: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
2009-10-15 00:00:00
MS09-062: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (uncredentialed check)
2014-03-10 00:00:00
openvas
openvas
Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
2009-10-21 00:00:00
Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
2009-10-21 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.132 Low

EPSS

Percentile

95.6%

JSON
Related for CVE-2009-2518
checkpoint_advisories3securityvulns3seebug2prion1cvelist1nvd1mskb1nessus2openvas2