Memory Corruption in Microsoft Internet Explorer and Office Products
CVE-2008-3012

Currently unrated

Key Information:

Vendor: Microsoft
Status: Forefront Client Security; Office System; Server; Digital Image Suite
Vendor: CVE Published:; 11 September 2008

Summary

The gdiplus.dll component in GDI+ within multiple versions of Microsoft products, including Internet Explorer and various Office applications, is susceptible to a memory allocation flaw. This vulnerability can be exploited by a remote attacker through a specially crafted EMF image file, potentially allowing arbitrary code execution. Users are advised to apply available security patches and adhere to best practices for safeguarding their systems.

References

http://secunia.com/advisories/32154

third-party-advisoryx_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008