Vulnerability Details : CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."

Vulnerability category: OverflowExecute code

Published 2009-10-14 10:30:01

Updated 2018-10-12 21:51:51

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-2500

Probability of exploitation activity in the next 30 days: 94.29%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-2500

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-2500

CWE-189

Assigned by: [email protected] (Primary)

References for CVE-2009-2500

Products affected by CVE-2009-2500

Microsoft » Sql Server » Version: 2005 Update SP2
cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP2 X64 Edition
cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP2 Itanium Edition
cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP3 X64 Edition
cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP3 Itanium Edition
cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP3
cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: XP
cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP3
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2007 Update SP2
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2002 Update SP1
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio » Version: 2008 Update SP1
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio » Version: 2008
cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Professional X64 Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Works » Version: 8.5
cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 1.1 Update SP1
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » .net Framework » Version: 2.0 Update SP2
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » .net Framework » Version: 2.0 Update SP1
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Visual Foxpro » Version: 9.0 Update SP2
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Visual Foxpro » Version: 8.0 Update SP1
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Windows 2003 Server » Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2002 Update SP2
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2005 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2003 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer » Version: 2003
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer » Version: 2003 Update SP3
cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer » Version: 2003
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer » Version: 2003 Update SP3
cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1 X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6 Update SP1
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Windows Server 2008 » X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Expression Web
cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Expression Web » Version: 2
cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Powerpoint Viewer
cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Powerpoint Viewer » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Powerpoint Viewer » Version: 2007 Update SP2
cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server Reporting Services » Version: 2000 Update SP2
cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Report Viewer » Version: 2005 Update SP1 Redistributable Package Edition
cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*
Matching versions
Microsoft » Report Viewer » Version: 2008 Update SP1 Redistributable Package Edition
cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*
Matching versions
Microsoft » Report Viewer » Version: 2008 Redistributable Package Edition
cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*
Matching versions
Microsoft » Forefront Client Security » Version: 1.0
cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Office Excel Viewer
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Version: 2007 Update SP2
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office Word Viewer
cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Groove » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Groove » Version: 2007
cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Platform Sdk » Redistrutable Gdi+ Edition
cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\+:*:*:*:*:*
Matching versions