English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 73247 CVE descriptions
and 39212 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.801725
Category:Windows : Microsoft Bulletins
Title:Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
Summary:Check for the version of Msv1_0.dll file
Description:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-052.

Vulnerability Insight:
The issues are caused by memory corruptions, integer, heap and buffer
overflows, and input validation errors in GDI+ when rendering malformed WMF,
PNG, TIFF and BMP images, or when processing Office Art Property Tables in
Office documents.

Impact:
Successful exploitation could allow attackers to crash an affected application
or execute arbitrary code.

Impact Level: Application

Affected Software/OS:
Microsoft SQL Server 2005 SP 2/3
Microsoft Office Excel Viewer 2007
Microsoft Office XP/2003 SP 3 and prior
Microsoft Office Visio 2002 SP 2 and prior
Microsoft Office Groove 2007 SP1 and prior
Microsoft Excel Viewer 2003 SP 3 and prior
Microsoft Office 2007 System SP 1/2 and prior
Microsoft Office Word Viewer 2003 SP 3 and prior
Microsoft Office Visio Viewer 2007 SP 2 and prior
Microsoft Office PowerPoint Viewer 2007 SP 2 and prior
Microsoft Visual Studio 2008 SP 1 and prior
Microsoft Visual Studio .NET 2003 SP 1 and prior
Microsoft Windows 2000 SP4 with Internet Explorer 6 SP 1
Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 Service Pack 1

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx

References:
http://secunia.com/advisories/32154
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
Cross-Ref: BugTraq ID: 31018
BugTraq ID: 31019
BugTraq ID: 31020
BugTraq ID: 31021
BugTraq ID: 31022
Common Vulnerability Exposure (CVE) ID: CVE-2007-5348
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
HPdes Security Advisory: HPSBST02372
http://marc.info/?l=bugtraq&m=122235754013992&w=2
HPdes Security Advisory: SSRT080133
Microsoft Security Bulletin: MS08-052
http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
Cert/CC Advisory: TA08-253A
http://www.us-cert.gov/cas/techalerts/TA08-253A.html
http://www.securityfocus.com/bid/31018
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6055
http://www.vupen.com/english/advisories/2008/2520
http://www.vupen.com/english/advisories/2008/2696
http://www.securitytracker.com/id?1020834
http://secunia.com/advisories/32154
Common Vulnerability Exposure (CVE) ID: CVE-2008-3012
http://www.securityfocus.com/bid/31019
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6040
http://www.securitytracker.com/id?1020835
Common Vulnerability Exposure (CVE) ID: CVE-2008-3013
Bugtraq: 20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/496154/100/0/threaded
http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
http://www.zerodayinitiative.com/advisories/ZDI-08-056/
http://www.zerodayinitiative.com/advisories/ZDI-08-056
http://www.securityfocus.com/bid/31020
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5986
http://www.securitytracker.com/id?1020836
Common Vulnerability Exposure (CVE) ID: CVE-2008-3014
http://www.securityfocus.com/bid/31021
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6004
http://www.securitytracker.com/id?1020837
Common Vulnerability Exposure (CVE) ID: CVE-2008-3015
Bugtraq: 20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/496153/100/0/threaded
http://www.milw0rm.com/exploits/6716
http://www.milw0rm.com/exploits/6619
http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt
http://www.zerodayinitiative.com/advisories/ZDI-08-055
http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
http://www.securityfocus.com/bid/31022
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5881
http://www.securitytracker.com/id?1020838
CopyrightCopyright (C) 2009 SecPod

This is only one of 39212 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.