HIGH · 9.3

CVE-2004-0200

Vulnerability Description

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
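The length arithmetic described above, as an added C illustration (not GDI+ source code; the function names and sample bytes are constructed here). It relies on the JPEG rule that a segment's 16-bit length field counts its own two bytes, so a COM length of 0 or 1 wraps to a huge value when those two bytes are subtracted as an unsigned integer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A JPEG segment is: 0xFF, marker byte, 16-bit big-endian length, payload.
 * The length field counts its own two bytes, so valid values are >= 2. */
#define MARKER_COM 0xFE

/* Constructed sample segments, not taken from any real file. */
static const uint8_t SAMPLE_OK[]  = {0xFF, 0xFE, 0x00, 0x04, 'h', 'i'};
static const uint8_t SAMPLE_BAD[] = {0xFF, 0xFE, 0x00, 0x01, 'h', 'i'};
static uint8_t OUT[16];

/* Flawed arithmetic (illustrative only, no copy is performed): subtracting
 * the two length bytes without a lower-bound check wraps 0 and 1. */
uint32_t com_payload_len_unchecked(uint16_t field)
{
    return (uint32_t)field - 2u;
}

/* Hardened form: copy the comment payload of the COM segment at seg[0..n)
 * into dst. Returns bytes copied, or -1 if the segment is malformed. */
long com_copy_checked(const uint8_t *seg, size_t n, uint8_t *dst, size_t cap)
{
    if (n < 4 || seg[0] != 0xFF || seg[1] != MARKER_COM)
        return -1;
    size_t field = ((size_t)seg[2] << 8) | seg[3];
    if (field < 2)            /* too small to cover the length bytes */
        return -1;
    size_t payload = field - 2;
    if (payload > n - 4)      /* length runs past the data we hold */
        return -1;
    if (payload > cap)        /* would not fit the destination */
        return -1;
    memcpy(dst, seg + 4, payload);
    return (long)payload;
}

int main(void)
{
    /* Exit status 0 when the valid segment copies and the bad one is refused. */
    return !(com_copy_checked(SAMPLE_OK, sizeof SAMPLE_OK, OUT, sizeof OUT) == 2 &&
             com_copy_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, OUT, sizeof OUT) == -1);
}
```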

CVSS Score

9.3 (HIGH)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Microsoft | .Net Framework | 1.0 |
| Microsoft | Digital Image Pro | 7.0 |
| Microsoft | Digital Image Suite | 9 |
| Microsoft | Excel | 2002 |
| Microsoft | Frontpage | 2002 |
| Microsoft | Greetings | 2002 |
| Microsoft | Infopath | 2003 |
| Microsoft | Office | 2003 |
| Microsoft | Onenote | 2003 |
| Microsoft | Outlook | 2002 |
| Microsoft | Picture It | 7.0 |
| Microsoft | Powerpoint | 2002 |
| Microsoft | Producer | All versions |
| Microsoft | Project | 2002 |
| Microsoft | Publisher | 2002 |
| Microsoft | Visio | 2002 |
| Microsoft | Visual Basic | 2002 |
| Microsoft | Visual C# | 2002 |
| Microsoft | Visual C++ | 2002 |
| Microsoft | Visual J# .Net | 2003 |

References

FAQ

What is CVE-2004-0200?

CVE-2004-0200 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a...

How severe is CVE-2004-0200?

CVE-2004-0200 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0200?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Digital Image Pro, Microsoft Digital Image Suite, Microsoft Excel, Microsoft Frontpage.