CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Published: Sep 28, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0200
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / frontpage	2003	2003.x
microsoft / visual_j#_.net	2003	2003.x
microsoft / visual_c++	2003	2003.x
microsoft / digital_image_pro	9	9.x
microsoft / visual_studio_.net	2003-gold	2003-gold.x
microsoft / project	2002-sp1	2002-sp1.x
microsoft / visual_basic	2003	2003.x
microsoft / visual_c++	2002	2002.x
microsoft / project	2003	2003.x
microsoft / picture_it	7.0	7.0.x
microsoft / powerpoint	2002	2002.x
microsoft / office	xp-sp3	xp-sp3.x
microsoft / outlook	2003	2003.x
microsoft / digital_image_suite	9	9.x
microsoft / powerpoint	2003	2003.x
microsoft / infopath	2003	2003.x
microsoft / publisher	2002	2002.x
microsoft / visual_basic	2002	2002.x
microsoft / frontpage	2002	2002.x
microsoft / word	2003	2003.x
microsoft / excel	2002	2002.x
microsoft / picture_it	2002	2002.x
microsoft / visio	2002-sp2	2002-sp2.x
microsoft / picture_it	9	9.x
microsoft / greetings	2002	2002.x
microsoft / publisher	2003	2003.x
microsoft / onenote	2003	2003.x
microsoft / visual_c#	2003	2003.x
microsoft / word	2002	2002.x
microsoft / visual_c#	2002	2002.x
microsoft / visio	2003	2003.x
microsoft / excel	2003	2003.x
microsoft / office	2003	2003.x
microsoft / producer	-	-
microsoft / outlook	2002	2002.x
microsoft / .net_framework	1.0-sp2	1.0-sp2.x
microsoft / visual_studio_.net	2002-gold	2002-gold.x
microsoft / digital_image_pro	7.0	7.0.x
microsoft / windows_xp	-	-
microsoft / windows_2003_server	r2	r2.x

Vulnerability Database

289,599

CVE-2004-0200