Integer Overflow Vulnerability in Microsoft Office and Related Products
CVE-2008-3015

Currently unrated

Key Information:

Vendor: Microsoft
Status: Forefront Client Security; Digital Image Suite; Office; Sql Server Reporting Services
Vendor: CVE Published:; 11 September 2008

Summary

The vulnerability in the GDI+ library of Microsoft Office products stems from an integer overflow in the gdiplus.dll component. Attackers leveraging this flaw can craft a BMP image file containing a malformed BitMapInfoHeader, which can trigger a buffer overflow. This allows remote attackers to execute arbitrary code on the system when the malformed image is processed. The issue affects multiple versions of Microsoft Office, SQL Server, and other related products, making it crucial for users to ensure software is updated to mitigate potential exploitation.

References

http://secunia.com/advisories/32154

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1020838

vdb-entryx_refsource_SECTRACK

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008