CVE-2004-0200

Currently unrated

Key Information:

Vendor: Microsoft
Status: Frontpage; Visual J\# .net; Visual C\+\+; Digital Image Pro
Vendor: CVE Published:; 28 September 2004

Summary

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/297462

third-party-advisoryx_refsource_CERT-VN

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 28, 2004
Vulnerability Reserved
Mar 11, 2004

Collectors

NVD DatabaseMitre Database