Oval Definition:oval:org.mitre.oval:def:7709
Revision Date:2015-05-04Version:15
Title:libpng buffer overflow
Description:Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0597
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Adobe Acrobat Reader
MSN Messenger 4.7
MSN Messenger 6.1
MSN Messenger 6.2
Definition Synopsis
  • Windows Messenger 5.0
  • Microsoft Windows 2000 SP4, Windows Server 2003 (x86) Gold, Windows Server 2003 SP1 (x86), Windows XP Professional x64 Edition SP1, Windows XP SP1 (32-bit), Windows XP (x86) SP2
  • Microsoft Windows 2000 SP4 or later is installed
  • OR Microsoft Windows Server 2003 (x86) Gold is installed
  • OR Microsoft Windows Server 2003 SP1 (x86) is installed
  • OR Microsoft Windows XP Professional x64 Edition SP1 is installed
  • OR Microsoft Windows XP SP1 (32-bit) is installed
  • OR Microsoft Windows XP (x86) SP2 is installed
  • AND the version of msmsgs.exe is greater than or equal to 5.0.0.0
  • AND the version of msmsgs.exe is less than 5.1.0.639
  • OR Windows Messenger 4.7 on Windows XP SP1 32-bit
  • Microsoft Windows XP SP1 (32-bit) is installed
  • AND MSN Messenger 4.7 is installed
  • AND the version of msmsgs.exe is less than 4.7.0.2010
  • OR Windows Messenger 4.7 on Windows XP SP2 (x86)
  • Microsoft Windows XP (x86) SP2 is installed
  • AND MSN Messenger 4.7 is installed
  • AND the version of msmsgs.exe is less than 4.7.0.3001
  • OR MSN Messenger 6.1/6.2
  • MSN Messenger 6.1, MSN Messenger 6.2
  • MSN Messenger 6.1 is installed
  • OR MSN Messenger 6.2 is installed
  • AND NOT MSN Messenger 6.2.0205 or later is installed
  • OR Adobe Acrobat Reader 6
  • the software Adobe Acrobat Reader 6, major version 6 is installed
  • AND the software Adobe Acrobat Reader 6, minor version less than 3 is installed
    • BACK