CVE-2008-3014: Buffer Overflow
First published: Wed Sep 10 2008(Updated: )
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Digital Image Suite | =2006 | |
| Microsoft Forefront Client Security | =1.0 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Office | =2003-sp2 | |
| Microsoft Office | =2003-sp3 | |
| Microsoft Office | =2007 | |
| Microsoft Office | =2007-sp1 | |
| Microsoft Office | =xp-sp3 | |
| Microsoft Office PowerPoint Viewer | =2003 | |
| Microsoft Report Viewer | =2005-sp1 | |
| Microsoft Report Viewer | =2008 | |
| Microsoft Windows Server | =2008 | |
| Microsoft SQL Server | =2005-sp2 | |
| Microsoft SQL Server Reporting Services | =2000-sp2 | |
| Microsoft Visio Professional | =2002-sp2 | |
| Microsoft Works | =8.0 | |
| Microsoft Windows Server | =2003-sp1 | |
| Microsoft Windows Server | =2003-sp2 | |
| Microsoft Windows NT | =vista | |
| Microsoft Windows NT | =xp-sp3 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=122235754013992&w=2
- http://www.us-cert.gov/cas/techalerts/TA08-253A.html
- http://www.securitytracker.com/id?1020837
- http://www.securityfocus.com/bid/31021
- http://secunia.com/advisories/32154
- http://www.vupen.com/english/advisories/2008/2696
- http://www.vupen.com/english/advisories/2008/2520
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052
Frequently Asked Questions
What is the severity of CVE-2008-3014?
CVE-2008-3014 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2008-3014?
To fix CVE-2008-3014, install the relevant security updates provided by Microsoft for affected products.
Which Microsoft products are affected by CVE-2008-3014?
CVE-2008-3014 affects several Microsoft products including Internet Explorer 6 SP1, Office 2003 SP2 and SP3, and Windows XP SP2 and SP3.
What could happen if CVE-2008-3014 is exploited?
If exploited, CVE-2008-3014 could allow an attacker to execute arbitrary code on affected systems.
Is CVE-2008-3014 still a threat today?
CVE-2008-3014 is considered obsolete due to the age of the vulnerability, but unpatched legacy systems may still be at risk.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft digital image suite
- version/microsoft digital image suite/2006
- canonical/microsoft forefront client security
- version/microsoft forefront client security/1.0
- canonical/internet explorer
- version/internet explorer/6-sp1
- canonical/microsoft office
- version/microsoft office/2003-sp2
- version/microsoft office/2003-sp3
- version/microsoft office/2007
- version/microsoft office/2007-sp1
- version/microsoft office/xp-sp3
- canonical/microsoft office powerpoint viewer
- version/microsoft office powerpoint viewer/2003
- canonical/microsoft report viewer
- version/microsoft report viewer/2005-sp1
- version/microsoft report viewer/2008
- canonical/microsoft windows server
- version/microsoft windows server/2008
- canonical/microsoft sql server
- version/microsoft sql server/2005-sp2
- canonical/microsoft sql server reporting services
- version/microsoft sql server reporting services/2000-sp2
- canonical/microsoft visio professional
- version/microsoft visio professional/2002-sp2
- canonical/microsoft works
- version/microsoft works/8.0
- version/microsoft windows server/2003-sp1
- version/microsoft windows server/2003-sp2
- canonical/microsoft windows nt
- version/microsoft windows nt/vista
- version/microsoft windows nt/xp-sp3
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2