CVE-2004-0200

Description

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Affected products

Microsoft / digital_image_pro7.0 – 7.0
Microsoft / digital_image_pro9 – 9
Microsoft / digital_image_suite9 – 9
Microsoft / Excel2003 – 2003
Microsoft / Excel2002 – 2002
Microsoft / frontpage2003 – 2003
Microsoft / frontpage2002 – 2002
Microsoft / greetings2002 – 2002
Microsoft / infopath2003 – 2003
Microsoft / .net_framework1.0 – 1.0
Microsoft / office2003 – 2003
Microsoft / officexp – xp
Microsoft / OneNote2003 – 2003
Microsoft / Outlook2002 – 2002
Microsoft / Outlook2003 – 2003
Microsoft / picture_it7.0 – 7.0
Microsoft / picture_it9 – 9
Microsoft / picture_it2002 – 2002
Microsoft / PowerPoint2002 – 2002
Microsoft / PowerPoint2003 – 2003
Microsoft / producer
Microsoft / project2002 – 2002
Microsoft / project2003 – 2003
Microsoft / publisher2002 – 2002
Microsoft / publisher2003 – 2003
Microsoft / visio2002 – 2002
Microsoft / visio2003 – 2003
Microsoft / visual_basic2002 – 2002
Microsoft / visual_basic2003 – 2003
Microsoft / visual_c++2002 – 2002
Microsoft / visual_c++2003 – 2003
Microsoft / visual_c++2002 – 2002
Microsoft / visual_c++2003 – 2003
Microsoft / visual_j#_.net2003 – 2003
Microsoft / visual_studio_.net2002 – 2002
Microsoft / visual_studio_.net2003 – 2003
Microsoft / windows_2003_serverr2 – r2
Microsoft / windows_xp
Microsoft / windows_xp
Microsoft / windows_xp
Microsoft / windows_xp
Microsoft / Word2003 – 2003
Microsoft / Word2002 – 2002

Description

Affected products

References