Intrusion Prevention

MS.GDI.Plus.VML.Gradient.Remote.Code.Execution

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in Microsoft Windows GDI+.
The vulnerability is caused by an error when the vulnerable software handles a malicious "WMF" file with some malformed records. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Internet Explorer 6
Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1
Microsoft .NET Framework
Microsoft Windows 2000 Service Pack 4
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System(KB954326)
2007 Microsoft Office System Service Pack 1
Microsoft Office Project 2002 Service Pack 1
Microsoft Visio 2002 Service Pack 2
Microsoft Office Word Viewer, Microsoft Word Viewer 2003
Microsoft Word Viewer 2003 Service Pack 3
Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Visio 2003 Viewer
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Excel Viewer, Microsoft Office PowerPoint Viewer 2007, Microsoft Office PowerPoint Viewer 2007 Service Pack 1, Microsoft Visio 2007 Viewer, Microsoft Visio 2007 Viewer Service Pack 1
Microsoft Works 8
Microsoft Digital Image Suite 2006
SQL Server 2005 Service Pack 2
SQL Server 2005 x64 Edition Service Pack 2
SQL Server 2005 for Itanium-based Systems Service Pack 2
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2008
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
Microsoft Report Viewer 2008 Redistributable Package
Microsoft Visual FoxPro 8.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
Microsoft Visual FoxPro 9.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
Microsoft Visual FoxPro 9.0 Service Pack 2 when installed on Microsoft Windows 2000 Service Pack 4
Microsoft Platform SDK Redistributable: GDI+
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-052.mspx

CVE References

CVE-2008-3014