Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0200

9 documents4 sources

Severity

9.3CRITICAL

EPSS

76.7%

top 1.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft .net Framework Microsoft Digital Image PRO Microsoft Digital Image Suite +19 more

Timeline

PublishedSep 28

Latest updateApr 29

Description

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages22 packages

▶NVDmicrosoft/digital_image_pro7.0, 9+1

▶NVDmicrosoft/digital_image_suite9

▶NVDmicrosoft/word2002, 2003+1

▶NVDmicrosoft/excel2002, 2003+1

▶NVDmicrosoft/visio2002, 2003+1

🔴Vulnerability Details

GHSA

GHSA-x89p-fjvx-wp8h: Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus↗2022-04-29

▶

CVEList

CVE-2004-0200: Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus↗2004-09-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - JPEG GDI+ Bind/Reverse/Admin/File Download↗2004-09-27

▶

Exploit-DB

Microsoft Windows - JPEG GDI+ Overflow Download Shellcode (MS04-028)↗2004-09-25

▶

Exploit-DB

Microsoft Windows - JPEG GDI+ Remote Heap Overflow (MS04-028)↗2004-09-25

▶

Exploit-DB

Microsoft Windows - JPEG GDI+ Overflow Administrator (MS04-028)↗2004-09-23

▶

Exploit-DB

Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)↗2004-09-22

▶