cpe:/a:microsoft:digital_image_suite:2006 cpe:/a:microsoft:forefront_client_security:1.0 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3 cpe:/a:microsoft:office:2007::gold cpe:/a:microsoft:office:2007:sp1 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office_powerpoint_viewer:2003 cpe:/a:microsoft:report_viewer:2005:sp1 cpe:/a:microsoft:report_viewer:2008 cpe:/a:microsoft:sql_server:2005:sp2 cpe:/a:microsoft:sql_server_reporting_services:2000:sp2 cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:works:8.0 CVE-2008-3015 2008-09-10T21:11:47.147-04:00 2017-09-28T21:31:28.960-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-09-11T11:14:00.000-04:00 SECTRACK 1020838 BUGTRAQ 20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability BID 31022 SECUNIA 32154 EXPLOIT-DB 6619 EXPLOIT-DB 6716 VUPEN ADV-2008-2520 VUPEN ADV-2008-2696 HP HPSBST02372 IAVM IAVM:2008-T-0053 MS MS08-052 HP SSRT080133 CERT TA08-253A MISC http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt MISC http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt MISC http://www.zerodayinitiative.com/advisories/ZDI-08-055 Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."