← Back

CVE-2008-3012

nvd nist
Published: Sep 11, 2008Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."

Affected (22)

Microsoft
16 products
Digital Image Suite
Forefront Client Security
Internet Explorer
Office
Office Powerpoint Viewer
Office System
Report Viewer
Server
Sql Server
Sql Server Reporting Services
Visio
Windows
Windows Nt
Windows Vista
Windows Xp
Works
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Digital Image Suite
Version 2006
Forefront Client Security
Version 1.0
Internet Explorer
Version 6 sp1
Microsoft
Office
Version 2003 sp2
Office
Version 2003 sp3
Office
Version xp sp3
Office Powerpoint Viewer
Version 2003
Microsoft
Office System
All versions
Office System
All versions
Microsoft
Report Viewer
Version 2005 sp1
Report Viewer
Version 2008
Server
Version 2008
Sql Server
Version 2005 sp2
Sql Server Reporting Services
Version 2000 sp2
Visio
Version 2002 sp2
Microsoft
Windows
Version 2003_server sp1
Windows
Version 2003_server sp2
Microsoft
Windows Nt
Version vista
Windows Nt
Version xp sp3
Windows Vista
All versions
Windows Xp
All versions
Works
Version 8.0

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.