Office BMP Integer Overflow Vulnerability
Gravité: : Critique
Identifiant(s) CVE: : CVE-2009-2518,MS09-062
Date du conseil: 21 juillet 2015
Description
Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1003759
Trend Micro Deep Security DPI Rule Name: 1003759 - Office BMP Integer Overflow Vulnerability
Affected software and version:
- Microsoft Works 8.5
- Microsoft Windows XP
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Windows Server 2000
- Microsoft Windows 2003 Server
- Microsoft SQL Server 2005
- Microsoft Report Viewer 2008
- Microsoft Report Viewer 2005
- Microsoft Office XP SP3
- Microsoft Office Word Viewer 2003
- Microsoft Office Visio 2002
- Microsoft Office Project 2002
- Microsoft Office Powerpoint 2007
- Microsoft Office Groove 2007
- Microsoft Office Excel Viewer 2003
- Microsoft Compatibility Pack Word Excel Powerpoint 2007
- Microsoft Office 2003
- Microsoft Forefront Client Security 1.0
- Microsoft Internet Explorer 6
- Microsoft 2007 Office System SP2
- Microsoft 2007 Office System SP1
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework 1.1