NVD脆弱性詳細

CVE-2004-0200

概要	Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
公表日	2004年9月28日13:00
登録日	2021年1月29日18:00
最終更新日	2018年10月31日1:25

CVSS2.0 : HIGH
スコア	9.3
ベクター	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:microsoft:.net_framework:1.0:sp2:sdk:::::*
cpe:2.3:a:microsoft:digital_image_pro:7.0:::::::*
cpe:2.3:a:microsoft:digital_image_pro:9:::::::*
cpe:2.3:a:microsoft:digital_image_suite:9:::::::*
cpe:2.3:a:microsoft:excel:2002:::::::*
cpe:2.3:a:microsoft:excel:2003:::::::*
cpe:2.3:a:microsoft:frontpage:2002:::::::*
cpe:2.3:a:microsoft:frontpage:2003:::::::*
cpe:2.3:a:microsoft:greetings:2002:::::::*
cpe:2.3:a:microsoft:infopath:2003:::::::*
cpe:2.3:a:microsoft:office:2003:::::::*
cpe:2.3:a:microsoft:office:xp:sp3::::::
cpe:2.3:a:microsoft:onenote:2003:::::::*
cpe:2.3:a:microsoft:outlook:2002:::::::*
cpe:2.3:a:microsoft:outlook:2003:::::::*
cpe:2.3:a:microsoft:picture_it:7.0:::::::*
cpe:2.3:a:microsoft:picture_it:9:::::::*
cpe:2.3:a:microsoft:picture_it:2002:::::::*
cpe:2.3:a:microsoft:powerpoint:2002:::::::*
cpe:2.3:a:microsoft:powerpoint:2003:::::::*
cpe:2.3:a:microsoft:producer::gold:office_powerpoints:::::
cpe:2.3:a:microsoft:project:2002:sp1::::::
cpe:2.3:a:microsoft:project:2003:::::::*
cpe:2.3:a:microsoft:publisher:2002:::::::*
cpe:2.3:a:microsoft:publisher:2003:::::::*
cpe:2.3:a:microsoft:visio:2002:sp2::::::
cpe:2.3:a:microsoft:visio:2003:::::::*
cpe:2.3:a:microsoft:visual_basic:2002::.net_standard:::::
cpe:2.3:a:microsoft:visual_basic:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\#:2002::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\#:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\+\+:2002::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\+\+:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_j\#_.net:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_studio_.net:2002:gold::::::
cpe:2.3:a:microsoft:visual_studio_.net:2003:gold::::::
cpe:2.3:a:microsoft:word:2002:::::::*
cpe:2.3:a:microsoft:word:2003:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
cpe:2.3:o:microsoft:windows_xp::gold::::::*
cpe:2.3:o:microsoft:windows_xp::sp1:64-bit:::::
cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::

関連情報、対策とツール

No	URL	refsource	タグ
1	http://marc.info/?l=bugtraq&m=109524346729948&w=2	BUGTRAQ
2	http://www.kb.cert.org/vuls/id/297462	CERT-VN	US Government Resource
3	http://www.us-cert.gov/cas/techalerts/TA04-260A.html	CERT	US Government Resource
4	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-028	MS
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/16304	XF
6	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1105	OVAL
7	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1721	OVAL
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2706	OVAL
9	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3038	OVAL
10	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3082	OVAL
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3320	OVAL
12	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3810	OVAL
13	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3881	OVAL
14	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4003	OVAL
15	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4216	OVAL
16	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4307	OVAL

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:microsoft:.net_framework:1.0:sp2:sdk:::::*
cpe:2.3:a:microsoft:digital_image_pro:7.0:::::::*
cpe:2.3:a:microsoft:digital_image_pro:9:::::::*
cpe:2.3:a:microsoft:digital_image_suite:9:::::::*
cpe:2.3:a:microsoft:excel:2002:::::::*
cpe:2.3:a:microsoft:excel:2003:::::::*
cpe:2.3:a:microsoft:frontpage:2002:::::::*
cpe:2.3:a:microsoft:frontpage:2003:::::::*
cpe:2.3:a:microsoft:greetings:2002:::::::*
cpe:2.3:a:microsoft:infopath:2003:::::::*
cpe:2.3:a:microsoft:office:2003:::::::*
cpe:2.3:a:microsoft:office:xp:sp3::::::
cpe:2.3:a:microsoft:onenote:2003:::::::*
cpe:2.3:a:microsoft:outlook:2002:::::::*
cpe:2.3:a:microsoft:outlook:2003:::::::*
cpe:2.3:a:microsoft:picture_it:7.0:::::::*
cpe:2.3:a:microsoft:picture_it:9:::::::*
cpe:2.3:a:microsoft:picture_it:2002:::::::*
cpe:2.3:a:microsoft:powerpoint:2002:::::::*
cpe:2.3:a:microsoft:powerpoint:2003:::::::*
cpe:2.3:a:microsoft:producer::gold:office_powerpoints:::::
cpe:2.3:a:microsoft:project:2002:sp1::::::
cpe:2.3:a:microsoft:project:2003:::::::*
cpe:2.3:a:microsoft:publisher:2002:::::::*
cpe:2.3:a:microsoft:publisher:2003:::::::*
cpe:2.3:a:microsoft:visio:2002:sp2::::::
cpe:2.3:a:microsoft:visio:2003:::::::*
cpe:2.3:a:microsoft:visual_basic:2002::.net_standard:::::
cpe:2.3:a:microsoft:visual_basic:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\#:2002::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\#:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\+\+:2002::.net_standard:::::
cpe:2.3:a:microsoft:visual_c\+\+:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_j\#_.net:2003::.net_standard:::::
cpe:2.3:a:microsoft:visual_studio_.net:2002:gold::::::
cpe:2.3:a:microsoft:visual_studio_.net:2003:gold::::::
cpe:2.3:a:microsoft:word:2002:::::::*
cpe:2.3:a:microsoft:word:2003:::::::*