Vulnerability Details

Microsoft GDI+ VML Buffer Overflow Vulnerability

  • CNNVD ID: CNNVD-200809-176
  • Severity: Critical
  • CVE ID: CVE-2007-5348
  • Vulnerability type: Numeric error
  • Published: 2008-09-11
  • Threat type: Remote
  • Updated: 2009-03-04
  • Vendor: microsoft
  • Source: Greg MacManus

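Vulnerability Summary

Microsoft GDI+ provides access to a variety of graphics methods through a class-based API.

An integer overflow vulnerability exists in GDI+ as used in multiple Microsoft products (Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0).

A remote attacker can use an image file whose gradient fill contains a crafted gradient size to trigger a buffer overflow and thereby execute arbitrary code.

This vulnerability is related to GdiPlus.dll and VGX.dll and is also known as the "GDI+ VML Buffer Overflow Vulnerability".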

Vulnerability Advisory

The vendor has released an update that fixes this security issue. The patch is available at:

http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

Patch

    None available
