CVE-2009-3126
Description
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka GDI+ PNG Integer Overflow Vulnerability.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows XP (KB958869) | Windows |
| Security Update for Windows Server 2003 (KB958869) | Windows |
| Security Update for Windows Vista (KB958869) x86 based systems | Windows |
| Security Update for Windows Server 2008 (KB958869) | Windows |
| Security Update for Windows XP x64 Edition (KB958869) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB958869) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB958869) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB958869) for SP1 | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB958869) | Windows |
| .NET Framework 1.1 Service Pack 1 GDIPLUS.DLL Security Update for Windows 2000(KB971108) x86 based systems | Windows |
| .NET Framework 2.0 Service Pack 1 GDIPLUS.DLL Security Update for Windows 2000(KB971110) x86 based systems | Windows |
| .NET Framework 2.0 Service Pack 2 GDIPLUS.DLL Security Update for Windows 2000 | Windows |
| Security Update for Microsoft Office 2003 (KB972580) | Windows |
| Security Update for the 2007 Microsoft Office System (KB972581) | Windows |
| Security Update for the 2007 Microsoft Office System (KB972581) x86 based systems for SP2 | Windows |
| Security Update for Microsoft Office 2003 (KB972580) | Windows |
| Security Update for the 2007 Microsoft Office System (KB972581) | Windows |
| Security Update for the 2007 Microsoft Office System (KB972581) | Windows |
| Security Update for Internet Explorer 6 for Windows 2000 (KB958869) | Windows |
| Security Update for Microsoft Office XP (KB974811) | Windows |
| Security Update for Microsoft Office 2003 (KB972580) | Windows |
| Security Update for Windows Vista (KB958869) x86 based systems for SP1 | Windows |
| Visual Studio 2008 GDIPLUS.DLL Security Update(KB972221) | Windows |
| Visual Studio 2008 Service Pack 1 GDIPLUS.DLL Security Update(KB972222) | Windows |
| Report Viewer Redistributable 2008 GDIPLUS.DLL Security Update(KB971118) | Windows |
| Report Viewer Redistributable 2008 Service Pack 1 GDIPLUS.DLL Security Update(KB971119) | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-7826 | Security Update for Windows XP x64 Edition (KB958869) |
| PATCH-7836 | Security Update for the 2007 Microsoft Office System (KB972581) |
| PATCH-9433 | Visual Studio 2008 GDIPLUS.DLL Security Update(KB972221) |
| PATCH-9470 | Visual Studio 2008 Service Pack 1 GDIPLUS.DLL Security Update(KB972222) |
| PATCH-9471 | Report Viewer Redistributable 2008 GDIPLUS.DLL Security Update(KB971118) |
| PATCH-9472 | Report Viewer Redistributable 2008 Service Pack 1 GDIPLUS.DLL Security Update(KB971119) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234