CVE-2007-5348 · threatengine.sh

Home/CVE/Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Go

CVE

CVE-2007-5348

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Go

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability.".

HIGH · CVSS 9.3 EPSS 0.78944

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 1% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules22 YARA rules0

▤

Affected Products & Versions

16

microsoft digital image suiteall versions
microsoft forefront client securityall versions
microsoft internet explorerall versions
microsoft officeall versions
microsoft office powerpoint viewerall versions
microsoft report viewerall versions
microsoft serverall versions
microsoft sql serverall versions
Show all 16 affected productsmicrosoft sql server reporting servicesall versions
microsoft visioall versions
microsoft worksall versions
microsoft office systemall versions
microsoft windowsall versions
microsoft windows-ntall versions
microsoft windows vistaall versions
microsoft windows xpall versions

⚠

Public Exploits & PoCs

1

dosMicrosoft Internet Explorer - GDI+ (PoC) (MS08-052)verified

◈

Sigma Hunt Rules

22

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

productmediumInternet Explorer DisableFirstRunCustomize Enabled

productmediumInternet Explorer Autorun Keys Modification

producthighPotential Server Side Template Injection In Velocity

producthighRemote Server Service Abuse for Lateral Movement

producthighRemote Server Service Abuse

producthighSuspicious Child Process Of SQL Server

Show all 22 top matchesproducthighSuspicious Process By Web Server Process
productcriticalHackTool - Windows Credential Editor (WCE) Execution
productcriticalWindows Credential Editor Registry
producthighOpenCanary - MSSQL Login Attempt Via Windows Authentication
producthighWindows LAPS Credential Dump From Entra ID
producthighTamper Windows Defender - PSClassic
producthighTamper Windows Defender Remove-MpPreference - ScriptBlockLogging
producthighTamper Windows Defender - ScriptBlockLogging
producthighSuspicious Microsoft Office Child Process - MacOS
producthighCode Executed Via Office Add-in XLL File
producthighPotential Persistence Via Microsoft Office Add-In
producthighPotential Persistence Via Microsoft Office Startup Folder
producthighFile With Uncommon Extension Created By An Office Application
producthighOffice Macro File Creation From Suspicious Process
producthighUncommon File Created In Office Startup Folder
producthighPotentially Suspicious Office Document Executed From Trusted Location

See all related Sigma rules for this CVE

▣

Scoring & Timeline

9.3

HIGH · CVSS v2 (legacy) · secure@microsoft.com

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Published to NVD11 Sep 2008 · 01:01 AM

🔗

References & Sources

10

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743

http://marc.info/?l=bugtraq&m=122235754013992&w=2

http://secunia.com/advisories/32154Vendor Advisory

http://www.securityfocus.com/bid/31018

http://www.securitytracker.com/id?1020834

http://www.us-cert.gov/cas/techalerts/TA08-253A.htmlUS Government Resource

Show all 10 references

http://www.vupen.com/english/advisories/2008/2520Vendor Advisory

http://www.vupen.com/english/advisories/2008/2696Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin