GDI+ Vulnerability in Microsoft Products Allows Remote Code Execution
CVE-2007-5348

Currently unrated

Key Information:

Vendor: Microsoft
Status: Forefront Client Security; Office System; Server; Digital Image Suite
Vendor: CVE Published:; 11 September 2008

Summary

The GDI+ vulnerability in various Microsoft products allows attackers to execute arbitrary code remotely. By exploiting a crafted image file with specially sized gradients, an attacker can trigger a heap-based buffer overflow impacted by GdiPlus.dll and VGX.DLL. This flaw is critical as it could lead to unauthorized actions on a victim’s system, risking data integrity and security.

References

http://secunia.com/advisories/32154

third-party-advisoryx_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Oct 10, 2007