CVE-2008-3013
First published: Wed Sep 10 2008(Updated: )
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Digital Image Suite | =2006 | |
| Microsoft Forefront Client Security | =1.0 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Office | =2003-sp2 | |
| Microsoft Office | =2003-sp3 | |
| Microsoft Office | =2007 | |
| Microsoft Office | =2007-sp1 | |
| Microsoft Office | =xp-sp3 | |
| Microsoft PowerPoint Viewer | =2003 | |
| Microsoft Report Viewer | =2005-sp1 | |
| Microsoft Report Viewer | =2008 | |
| Microsoft SQL Server | =2005-sp2 | |
| Microsoft SQL Server Reporting Services | =2000-sp2 | |
| Microsoft Visio Professional | =2002-sp2 | |
| Microsoft Works | =8.0 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Vista | =gold | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zerodayinitiative.com/advisories/ZDI-08-056/
- http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html
- http://marc.info/?l=bugtraq&m=122235754013992&w=2
- http://www.us-cert.gov/cas/techalerts/TA08-253A.html
- http://www.securitytracker.com/id?1020836
- http://www.securityfocus.com/bid/31020
- http://www.zerodayinitiative.com/advisories/ZDI-08-056
- http://secunia.com/advisories/32154
- http://www.vupen.com/english/advisories/2008/2696
- http://www.vupen.com/english/advisories/2008/2520
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986
- http://www.securityfocus.com/archive/1/496154/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
Frequently Asked Questions
What is the severity of CVE-2008-3013?
CVE-2008-3013 has a high severity rating due to potential exploitation leading to arbitrary code execution.
How do I fix CVE-2008-3013?
To fix CVE-2008-3013, ensure that all affected software is updated to the latest security patches provided by Microsoft.
Which Microsoft products are affected by CVE-2008-3013?
CVE-2008-3013 affects various Microsoft products including Internet Explorer 6 SP1, Microsoft Office 2003 SP2 and SP3, as well as Windows XP SP2 and SP3.
Can CVE-2008-3013 be exploited remotely?
Yes, CVE-2008-3013 can be exploited remotely if a user views a specially crafted graphic file in an affected application.
What types of attacks are associated with CVE-2008-3013?
CVE-2008-3013 is primarily associated with memory corruption vulnerabilities that can lead to Denial of Service or arbitrary code execution.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft digital image suite
- version/microsoft digital image suite/2006
- canonical/microsoft forefront client security
- version/microsoft forefront client security/1.0
- canonical/internet explorer
- version/internet explorer/6-sp1
- canonical/microsoft office
- version/microsoft office/2003-sp2
- version/microsoft office/2003-sp3
- version/microsoft office/2007
- version/microsoft office/2007-sp1
- version/microsoft office/xp-sp3
- canonical/microsoft powerpoint viewer
- version/microsoft powerpoint viewer/2003
- canonical/microsoft report viewer
- version/microsoft report viewer/2005-sp1
- version/microsoft report viewer/2008
- canonical/microsoft sql server
- version/microsoft sql server/2005-sp2
- canonical/microsoft sql server reporting services
- version/microsoft sql server reporting services/2000-sp2
- canonical/microsoft visio professional
- version/microsoft visio professional/2002-sp2
- canonical/microsoft works
- version/microsoft works/8.0
- canonical/microsoft windows server 2008 itanium
- canonical/microsoft windows vista
- version/microsoft windows vista/gold
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3