|Microsoft GDI+ VML基于堆的缓冲区溢出漏洞（MS08-052）

Microsoft GDI+ VML基于堆的缓冲区溢出漏洞（MS08-052）

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

BUGTRAQ ID: 31018 CVE ID：CVE-2007-5348 CNCVE ID：CNCVE-20085348 Microsoft Windows是一款微软开发的操作系统。 Microsoft Windows GDI+库不正确处理梯度大小，远程攻击者可以利用漏洞进行基于堆的缓冲区溢出，可导致任意代码执行。 GDI+库处理内存分配时存在错误，部分畸形的梯度填充输入可导致应用程序破坏堆，允许任意代码执行。攻击者必须诱使用户使用受此GDI+函数影响的应用程序来渲染文档，可通过链接，文档查看，EMAIL消息来触发。 iDefense Labs证实此漏洞影响Microsoft Windows XP SP2平台上的Internet Explorer 7 和Internet Explorer 6，如下的VGX.DLL版本受影响： 7.00.6000.20628 7.00.6000.16386 6.00.2900.3051 6.00.2900.2997 虽然VGX.DLL(处理VML)是漏洞的主要因素，但是Microsoft指出GdiPlus.dll是此漏洞的根源，在测试过程中中使用了GdiPlus.dll 5.1.3102.2180版本。 Microsoft Works 8.0 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista x64 Edition 0 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Ultimate 64-bit edition 0 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition 0 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition 0 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition 0 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition 0 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate Microsoft Windows Vista SP1 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise Microsoft Windows Vista Business SP1 Microsoft Windows Vista Business Microsoft Windows Vista 0 Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Visual Studio 2003 Viewer Microsoft Visio 2002 Professional SP2 Microsoft Visio 2002 SP2 Microsoft Visio 2002 SP1 Microsoft Visio 2002 Microsoft SQL Server 2005 x64 Edition SP2 Microsoft SQL Server 2005 x64 Edition SP1 Microsoft SQL Server 2005 Itanium Edition SP2 Microsoft SQL Server 2005 Itanium Edition SP1 Microsoft SQL Server 2005 Itanium Edition 0 Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2 Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1 Microsoft SQL Server 2005 Express Edition SP2 Microsoft SQL Server 2005 Express Edition SP1 Microsoft SQL Server 2005 Express Edition 0 Microsoft SQL Server 2005 SP2 Microsoft SQL Server 2005 SP1 Microsoft SQL Server 2005 0 Microsoft SQL Server 2000 Reporting Services SP2 Microsoft Report Viewer 2008 0 Microsoft Report Viewer 2005 SP1 Microsoft Office XP SP3 + Microsoft Excel 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft Publisher 2002 SP3 Microsoft Office XP SP2 Microsoft Office XP SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office XP - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2007 SP1 Microsoft Office 2007 0 Microsoft Office 2003 SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2003 0 + Microsoft Excel 2003 + Microsoft FrontPage 2003 + Microsoft InfoPath 2003 + Microsoft OneNote 2003 0 + Microsoft Outlook 2003 0 + Microsoft PowerPoint 2003 0 + Microsoft Publisher 2003 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Professional Microsoft Forefront Client Security 1.0 Microsoft Digital Image Suite 2006 3DM Software Disk Management Software SP2 3DM Software Disk Management Software SP1 <a href=http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx</a>

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™