Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
2004-09-28T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | microsoft | .net_framework | 1.0 | Yes |
| Application | microsoft | digital_image_pro | 7.0 | Yes |
| Application | microsoft | digital_image_pro | 9 | Yes |
| Application | microsoft | digital_image_suite | 9 | Yes |
| Application | microsoft | excel | 2002 | Yes |
| Application | microsoft | excel | 2003 | Yes |
| Application | microsoft | frontpage | 2002 | Yes |
| Application | microsoft | frontpage | 2003 | Yes |
| Application | microsoft | greetings | 2002 | Yes |
| Application | microsoft | infopath | 2003 | Yes |
| Application | microsoft | office | 2003 | Yes |
| Application | microsoft | office | xp | Yes |
| Application | microsoft | onenote | 2003 | Yes |
| Application | microsoft | outlook | 2002 | Yes |
| Application | microsoft | outlook | 2003 | Yes |
| Application | microsoft | picture_it | 7.0 | Yes |
| Application | microsoft | picture_it | 9 | Yes |
| Application | microsoft | picture_it | 2002 | Yes |
| Application | microsoft | powerpoint | 2002 | Yes |
| Application | microsoft | powerpoint | 2003 | Yes |
| Application | microsoft | producer | * | Yes |
| Application | microsoft | project | 2002 | Yes |
| Application | microsoft | project | 2003 | Yes |
| Application | microsoft | publisher | 2002 | Yes |
| Application | microsoft | publisher | 2003 | Yes |
| Application | microsoft | visio | 2002 | Yes |
| Application | microsoft | visio | 2003 | Yes |
| Application | microsoft | visual_basic | 2002 | Yes |
| Application | microsoft | visual_basic | 2003 | Yes |
| Application | microsoft | visual_c\# | 2002 | Yes |
| Application | microsoft | visual_c\# | 2003 | Yes |
| Application | microsoft | visual_c\+\+ | 2002 | Yes |
| Application | microsoft | visual_c\+\+ | 2003 | Yes |
| Application | microsoft | visual_j\#_.net | 2003 | Yes |
| Application | microsoft | visual_studio_.net | 2002 | Yes |
| Application | microsoft | visual_studio_.net | 2003 | Yes |
| Application | microsoft | word | 2002 | Yes |
| Application | microsoft | word | 2003 | Yes |
| Operating System | microsoft | windows_2003_server | r2 | Yes |
| Operating System | microsoft | windows_xp | * | Yes |
| Operating System | microsoft | windows_xp | * | Yes |
| Operating System | microsoft | windows_xp | * | Yes |
| Operating System | microsoft | windows_xp | * | Yes |