{"vuid":"VU#297462","idnumber":"297462","name":"Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component","keywords":["Microsoft","Windows","buffer overflow","JPEG parsing component","Graphic Device Interface","GDI+","MS04-028","Q833987"],"overview":"A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides programmers the ability to display information on screens and printers. GDI+ includes the ability to process JPEG image files. There is a buffer overflow vulnerability in the way the JPEG parsing component of GDI+ (Gdiplus.dll) handles malformed JPEG images. By introducing a specially crafted JPEG file to the vulnerable component, a remote attacker could trigger a buffer overflow condition. Microsoft notes that Windows XP, Windows XP Service Pack 1, and Windows Server 2003 provide the operating system version of the affected component. For backward compatibility, some third-party applications may install their own copy of the affected component. These include Office XP, Visio 2002, Project 2002, Office 2003, Visio 2003, and Project 2003. If any of these applications are installed on your system, you should apply the patch for these applications. If you use Windows XP, Windows XP Service Pack 1, or Windows Server 2003, you must also install the operating system patch. Please keep in mind, third-party applications, other than those listed above, may install a copy of the affected component. Any application that uses the Gdiplus.dll file to process JPEG image files is vulnerable.","impact":"A remote, unauthenticated attacker could potentially execute arbitrary code on a vulnerable system by introducing a specially crafted JPEG file. \nThis malicious JPEG image may be introduced to the system via a malicious web page, HTML email, or an email attachment.","resolution":"Apply Patch\nApply a patch as described in Microsoft Security Bulletin MS04-028.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Microsoft. In turn, Microsoft credits Nick DeBaggis for discovering this vulnerability.","author":"This document was written by Damon Morda and Jason A. Rafail, and is based on information provided by Microsoft.","public":["http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx","http://support.microsoft.com/default.aspx?scid=kb;EN-US;873374","http://msdn.microsoft.com/library/en-us/gdicpp/GDIPlus/GDIPlus.asp","http://secunia.com/advisories/12528/"],"cveids":["CVE-2004-0200"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-09-14T18:17:32Z","publicdate":"2004-09-14T00:00:00Z","datefirstpublished":"2004-09-14T20:04:10Z","dateupdated":"2004-12-17T16:20:48Z","revision":27,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"20","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"33.75","cam_scorecurrentwidelyknown":"39.375","cam_scorecurrentwidelyknownexploited":"61.875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":33.75,"vulnote":null}