Oval Definition:oval:org.mitre.oval:def:15621
Revision Date:2015-02-23Version:70
Title:GDI+ Record Type Vulnerability
Description:GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-0165
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Definition Synopsis
  • Vulnerable Windows Vista x86/x64, Server 2008 x86/x64 (KB2659262)
  • Windows Vista x86/x64, Server 2008 x86/x64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND GDR or LDR Service branch
  • the version of Jntfiltr.dll is less than 6.0.6002.18579
  • OR LDR
  • the version of Jntfiltr.dll is greater than or equal 6.0.6002.22000
  • AND the version of Jntfiltr.dll is less than 6.0.6002.22789
  • OR Vulnerable Windows Vista x86/x64, Server 2008 x86/x64/ia64 (KB2659262)
  • Windows Vista x86/x64, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of gdiplus.dll is less than 6.0.6002.22795
  • OR Vulnerable Microsoft Windows Vista x86/x64, Server 2008 32bit/x64/ia64 (KB2676562)
  • Windows Vista x86/x64, Server 2008 32bit/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND GDR or LDR Service branch
  • the version of win32k.sys is less than 6.0.6002.18607
  • OR LDR
  • the version of win32k.sys is less than 6.0.6002.22831
  • AND the version of win32k.sys is greater than or equal to 6.0.6002.22000
  • OR Microsoft Office 2003 (KB2598253)
  • Microsoft Office 2003 is installed
  • AND GDIPlus.dll version is less than 11.0.8345.0
  • OR Microsoft Office 2007 (KB2596672/KB2596792)
  • Microsoft Office 2007 is installed
  • AND KB2596672/KB2596792
  • the version of Mspcore.dll is less than 12.0.6658.5001
  • OR the version of Ogl.dll is less than 12.0.6659.5000
  • OR Microsoft Office 2010 (KB2589337)
  • Microsoft Office 2010 is installed
  • AND the version of Ogl.dll is less than 14.0.6117.5001
    • BACK