Oval Definition:oval:org.mitre.oval:def:5967
Revision Date:2015-08-10Version:46
Title:GDI+ WMF Integer Overflow Vulnerability
Description:Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-2500
Platform(s):Microsoft Windows 2000
Microsoft Windows XP
Product(s):Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Definition Synopsis
  • Vulnerable gdiplus.dll on Microsoft Windows XP x86 SP2/SP3
  • Microsoft Windows XP x86 SP2/SP3
  • Microsoft Windows XP (x86) SP2 is installed
  • OR Microsoft Windows XP (x86) SP3 is installed
  • AND the version of gdiplus.dll is less than 5.2.6001.22319
  • OR Vulnerable Microsoft IE6 on Windows 2000 SP4
  • Microsoft Internet Explorer 6 is installed
  • AND Microsoft Windows 2000 SP4 or later is installed
  • AND Vgx.dll version is less than 6.0.2800.1637
  • OR Vulnerable Microsoft Office XP, Project 2002, Visio 2002
  • Microsoft Office XP, Project 2002, Visio 2002
  • Microsoft Office XP is installed
  • OR Microsoft Project 2002 SP1 is installed
  • OR Microsoft Office Visio 2002 SP2 is installed
  • AND Mso.dll version is less than 10.0.6856.0
  • OR Vulnerable Microsoft Office 2003, Word Viewer, Excel Viewer 2003
  • Microsoft Office 2003, Word Viewer, Excel Viewer 2003
  • Microsoft Office 2003 is installed
  • OR Microsoft Word Viewer is installed
  • OR Microsoft Excel Viewer 2003 is installed
  • AND GDIPlus.dll version is less than 11.0.8312.0
  • OR Vulnerable Microsoft Office 2007, PowerPoint Viewer 2007, Office Compatibility Pack
  • Microsoft Office 2007, PowerPoint Viewer 2007, Office Compatibility Pack
  • Microsoft Office 2007 is installed
  • OR Microsoft PowerPoint Viewer 2007 is installed
  • OR Microsoft Office Compatibility Pack is installed
  • AND Ogl.dll version is less than 12.0.6509.5000
  • OR Vulnerable Microsoft Visual Studio 2005
  • Microsoft Visual Studio 2005 is installed.
  • AND ReportViewerLP.exe version is less than 2.0.50727.4401
  • OR Vulnerable Microsoft Visual Studio 2008
  • Microsoft Visual Studio 2008 is installed
  • AND ReportViewer.exe version is less than 9.0.21022.227
  • OR SQL Server 2005 Service Pack 2
  • Affected Software
  • Affected Software
  • Microsoft SQL Server 2005 is installed
  • AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 2
  • OR Microsoft SQL Server 2005 SP2 is installed
  • AND Affected Software
  • Microsoft SQL Server 2005 SP2 Database Engine - GDR
  • The version of Sqlservr.exe is greater than or equal to 2005.90.3042.0
  • AND The version of Sqlservr.exe is less than 2005.90.3080.0
  • OR Microsoft SQL Server 2005 SP2 Database Engine - QFE
  • The version of Sqlservr.exe is greater than or equal to 2005.90.3150.0
  • AND The version of Sqlservr.exe is less than 2005.90.3353.0
  • OR Microsoft SQL Server 2005 SP2 Analysis Services - GDR
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msmdsrv.exe is greater than or equal to 9.0.3042.0
  • AND The version of Msmdsrv.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Analysis Services - QFE
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msmdsrv.exe is greater than or equal to 9.0.3150.0
  • AND The version of Msmdsrv.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Notification Services - GDR
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.3042.0
  • AND The version of Nsservice.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Notification Services - QFE
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.3150.0
  • AND The version of Nsservice.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Reporting Services - GDR
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.3042.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Reporting Services - QFE
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.3150.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Integration Services - GDR
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.3042.0
  • AND The version of Msdtssrvr.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Integration Services - QFE
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.3150.0
  • AND The version of Msdtssrvr.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Tools - GDR
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.3042.0
  • AND The version of Sqlwb.exe is less than 2005.90.3080.0
  • OR Microsoft SQL Server 2005 SP2 Tools - QFE
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.3150.0
  • AND The version of Sqlwb.exe is less than 2005.90.3353.0
  • OR SQL Server 2005 Service Pack 3
  • Affected Software
  • Affected Software
  • Microsoft SQL Server 2005 is installed
  • AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 3
  • OR Microsoft SQL Server 2005 SP3 is installed
  • AND Affected Software
  • Microsoft SQL Server 2005 SP3 Database Engine - GDR
  • The version of Sqlservr.exe is greater than or equal to 2005.90.4035.0
  • AND The version of Sqlservr.exe is less than 2005.90.4053.0
  • OR Microsoft SQL Server 2005 SP3 Database Engine - QFE
  • The version of Sqlservr.exe is greater than or equal to 2005.90.4207.0
  • AND The version of Sqlservr.exe is less than 2005.90.4262.0
  • OR Microsoft SQL Server 2005 SP3 Analysis Services - GDR
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.4035.0
  • AND The version of Msmdsrv.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Analysis Services - QFE
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msmdsrv.exe is greater than or equal to 9.0.4207.0
  • AND The version of Msmdsrv.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Notification Services - GDR
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.4035.0
  • AND The version of Nsservice.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Notification Services - QFE
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.4207.0
  • AND The version of Nsservice.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Reporting Services - GDR
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.4035.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Reporting Services - QFE
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.4207.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Integration Services - GDR
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.4035.0
  • AND The version of Msdtssrvr.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Integration Services - QFE
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.4207.0
  • AND The version of Msdtssrvr.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Tools - GDR
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.4035.0
  • AND The version of Sqlwb.exe is less than 2005.90.4053.0
  • OR Microsoft SQL Server 2005 SP3 Tools - QFE
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.4207.0
  • AND The version of Sqlwb.exe is less than 2005.90.4262.0
    • BACK