Think you have a false positive on this rule?

Sid 1-33518

Message

FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt

Summary

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."

Impact

CVSS base score 9.3 CVSS impact score 10.0 CVSS exploitability score 8.6 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2009-2502:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2009-2502: Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."

Affected systems

  • microsoft .net_framework 1.1
  • microsoft .net_framework 2.0
  • microsoft excel_viewer 2003
  • microsoft expression_web *
  • microsoft expression_web 2
  • microsoft forefrontclientsecurity 1.0
  • microsoft internet_explorer 6
  • microsoft office 2003
  • microsoft office 2007
  • microsoft office xp
  • microsoft officecompatibilitypack 2007
  • microsoft officeexcelviewer *
  • microsoft office_groove 2007
  • microsoft officepowerpointviewer *
  • microsoft officepowerpointviewer 2007
  • microsoft officewordviewer *
  • microsoft platform_sdk *
  • microsoft project 2002
  • microsoft report_viewer 2005
  • microsoft report_viewer 2008
  • microsoft sql_server 2005
  • microsoft sqlserverreporting_services 2000
  • microsoft visio 2002
  • microsoft visual_foxpro 8.0
  • microsoft visual_foxpro 9.0
  • microsoft visual_studio 2008
  • microsoft visualstudio.net 2003
  • microsoft visualstudio.net 2005
  • microsoft word_viewer 2003
  • microsoft works 8.5
  • microsoft windows2003server *
  • microsoft windowsserver2008 *
  • microsoft windows_vista *
  • microsoft windows_xp *

Ease of attack

CVE-2009-2502:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • osvdb.org/show/osvdb/58865
  • technet.microsoft.com/en-us/security/bulletin/ms09-062