New Search

GDI+ Record Type Vulnerability

oval:org.mitre.oval:def:15621

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3 2007 SP2 and SP3 and 2010 Gold and SP1 does not properly validate record types in EMF images which allows remote attackers to execute arbitrary code via a crafted image aka "GDI+ Record Type Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008 R2
Class:
vulnerability
Reference(s):
  • CVE-2012-0165
Product(s):
  • Microsoft Office 2010
  • Microsoft Office 2003
  • Microsoft Office 2007