Oval Definition:oval:org.mitre.oval:def:6282
Revision Date:2015-08-10
Version:46
Title:GDI+ .NET API Vulnerability
Description:Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-2504
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Definition Synopsis
  • Vulnerable gdiplus.dll on Microsoft Windows XP x86 SP2/SP3, Windows XP x86 SP2, Windows Server 2003 SP2 x86/x64/is64
  • Microsoft Windows XP x86 SP2/SP3, Windows XP x86 SP2, Windows Server 2003 SP2 x86/x64/is64
  • Microsoft Windows XP (x86) SP2 is installed
  • OR Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND the version of gdiplus.dll is less than 5.2.6001.22319
  • OR Vulnerable gdiplus.dll on Microsoft Windows Vista x86/x64
  • Microsoft Windows Vista x86/x64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND the version of gdiplus.dll is less than 5.2.6000.16782
  • OR Vulnerable gdiplus.dll on Microsoft Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of gdiplus.dll is less than 5.2.6001.18175
  • OR Vulnerable Gdiplus.dll on Microsoft Windows 2000 SP4 with .Net Framework 1.1
  • Microsoft .NET Framework 1.1 Service Pack 1 is Installed
  • AND Microsoft Windows 2000 SP4 or later is installed
  • AND Gdiplus.dll version is less than 5.2.6001.22319
  • OR Vulnerable Gdiplus.dll on Microsoft Windows 2000 SP4 with .Net Framework 2.0
  • Microsoft .NET Framework 2.0 (Original RTM or later) is installed
  • AND Microsoft Windows 2000 SP4 or later is installed
  • AND Gdiplus.dll version is less than 5.2.6001.22319
  • OR Vulnerable Microsoft Office XP, Project 2002, Visio 2002
  • Microsoft Office XP, Project 2002, Visio 2002
  • Microsoft Office XP is installed
  • OR Microsoft Project 2002 SP1 is installed
  • OR Microsoft Office Visio 2002 SP2 is installed
  • AND Mso.dll version is less than 10.0.6856.0
  • OR Vulnerable Microsoft Office 2003, Word Viewer, Excel Viewer 2003
  • Microsoft Office 2003, Word Viewer, Excel Viewer 2003
  • Microsoft Office 2003 is installed
  • OR Microsoft Word Viewer is installed
  • OR Microsoft Excel Viewer 2003 is installed
  • AND GDIPlus.dll version is less than 11.0.8312.0
  • OR Vulnerable Microsoft Office 2007, PowerPoint Viewer 2007, Office Compatibility Pack
  • Microsoft Office 2007, PowerPoint Viewer 2007, Office Compatibility Pack
  • Microsoft Office 2007 is installed
  • OR Microsoft PowerPoint Viewer 2007 is installed
  • OR Microsoft Office Compatibility Pack is installed
  • AND Ogl.dll version is less than 12.0.6509.5000
  • OR Vulnerable Microsoft Visual Studio 2005
  • Microsoft Visual Studio 2005 is installed.
  • AND ReportViewerLP.exe version is less than 2.0.50727.4401
  • OR Vulnerable Microsoft Visual Studio 2008
  • Microsoft Visual Studio 2008 is installed
  • AND ReportViewer.exe version is less than 9.0.21022.227
  • OR SQL Server 2005 Service Pack 2
  • Affected Software
  • Affected Software
  • Microsoft SQL Server 2005 is installed
  • AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 2
  • OR Microsoft SQL Server 2005 SP2 is installed
  • AND Affected Software
  • Microsoft SQL Server 2005 SP2 Database Engine - GDR
  • The version of Sqlservr.exe is greater than or equal to 2005.90.3042.0
  • AND The version of Sqlservr.exe is less than 2005.90.3080.0
  • OR Microsoft SQL Server 2005 SP2 Database Engine - QFE
  • The version of Sqlservr.exe is greater than or equal to 2005.90.3150.0
  • AND The version of Sqlservr.exe is less than 2005.90.3353.0
  • OR Microsoft SQL Server 2005 SP2 Analysis Services - GDR
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msmdsrv.exe is greater than or equal to 9.0.3042.0
  • AND The version of Msmdsrv.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Analysis Services - QFE
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msmdsrv.exe is greater than or equal to 9.0.3150.0
  • AND The version of Msmdsrv.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Notification Services - GDR
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.3042.0
  • AND The version of Nsservice.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Notification Services - QFE
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.3150.0
  • AND The version of Nsservice.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Reporting Services - GDR
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.3042.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Reporting Services - QFE
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.3150.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Integration Services - GDR
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.3042.0
  • AND The version of Msdtssrvr.exe is less than 9.0.3080.0
  • OR Microsoft SQL Server 2005 SP2 Integration Services - QFE
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.3150.0
  • AND The version of Msdtssrvr.exe is less than 9.0.3353.0
  • OR Microsoft SQL Server 2005 SP2 Tools - GDR
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.3042.0
  • AND The version of Sqlwb.exe is less than 2005.90.3080.0
  • OR Microsoft SQL Server 2005 SP2 Tools - QFE
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.3150.0
  • AND The version of Sqlwb.exe is less than 2005.90.3353.0
  • OR SQL Server 2005 Service Pack 3
  • Affected Software
  • Affected Software
  • Microsoft SQL Server 2005 is installed
  • AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 3
  • OR Microsoft SQL Server 2005 SP3 is installed
  • AND Affected Software
  • Microsoft SQL Server 2005 SP3 Database Engine - GDR
  • The version of Sqlservr.exe is greater than or equal to 2005.90.4035.0
  • AND The version of Sqlservr.exe is less than 2005.90.4053.0
  • OR Microsoft SQL Server 2005 SP3 Database Engine - QFE
  • The version of Sqlservr.exe is greater than or equal to 2005.90.4207.0
  • AND The version of Sqlservr.exe is less than 2005.90.4262.0
  • OR Microsoft SQL Server 2005 SP3 Analysis Services - GDR
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.4035.0
  • AND The version of Msmdsrv.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Analysis Services - QFE
  • Microsoft SQL Server 2005 Analysis Services is installed
  • AND The version of Msmdsrv.exe is greater than or equal to 9.0.4207.0
  • AND The version of Msmdsrv.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Notification Services - GDR
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.4035.0
  • AND The version of Nsservice.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Notification Services - QFE
  • Microsoft SQL Server 2005 Notification Services is installed
  • AND The version of Nsservice.exe is greater than or equal to 9.0.4207.0
  • AND The version of Nsservice.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Reporting Services - GDR
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.4035.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Reporting Services - QFE
  • Microsoft SQL Server 2005 Reporting Services is installed
  • AND The version of Reportingservicesservice.exe is greater than or equal to 9.0.4207.0
  • AND The version of Reportingservicesservice.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Integration Services - GDR
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.4035.0
  • AND The version of Msdtssrvr.exe is less than 9.0.4053.0
  • OR Microsoft SQL Server 2005 SP3 Integration Services - QFE
  • Microsoft SQL Server 2005 Integration Services is installed
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.4207.0
  • AND The version of Msdtssrvr.exe is less than 9.0.4262.0
  • OR Microsoft SQL Server 2005 SP3 Tools - GDR
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.4035.0
  • AND The version of Sqlwb.exe is less than 2005.90.4053.0
  • OR Microsoft SQL Server 2005 SP3 Tools - QFE
  • Microsoft SQL Server 2005 Tools is installed
  • AND The version of Sqlwb.exe is greater than or equal to 2005.90.4207.0
  • AND The version of Sqlwb.exe is less than 2005.90.4262.0