Integer Overflow Vulnerability in Microsoft Office and Related Products
CVE-2008-3015

Currently unrated

Key Information:

Vendor

Microsoft
Status
Forefront Client Security
Digital Image Suite
Office
Sql Server Reporting Services
Vendor
CVE Published:
11 September 2008

What is CVE-2008-3015?

The vulnerability in the GDI+ library of Microsoft Office products stems from an integer overflow in the gdiplus.dll component. Attackers leveraging this flaw can craft a BMP image file containing a malformed BitMapInfoHeader, which can trigger a buffer overflow. This allows remote attackers to execute arbitrary code on the system when the malformed image is processed. The issue affects multiple versions of Microsoft Office, SQL Server, and other related products, making it crucial for users to ensure software is updated to mitigate potential exploitation.

References

http://secunia.com/advisories/32154
third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1020838
vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=122235754013992&w=2
vendor-advisoryx_refsource_HP

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.