CVE-2004-0200 Information

Description

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component GDIPlus.dll allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Reference

http://marc.info/?l=bugtraq&m=109524346729948&w=2 http://www.kb.cert.org/vuls/id/297462 http://www.us-cert.gov/cas/techalerts/TA04-260A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028 https://exchange.xforce.ibmcloud.com/vulnerabilities/16304 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1105 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1721 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2706 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3038 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3082 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3320 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3810 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3881 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4003 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4216 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4307