CVE-2009-2528 (CNNVD-200910-228)
CRITICAL
中文标题:
Microsoft GDI+ Malformed Office Object Memory Corruption 远程代码执行漏洞
英文标题:
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Ta...
CVSS分数:
9.3
发布时间:
2009-10-14 10:00:00
漏洞类型:
代码注入
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Microsoft Office XP SP3的GDI+没有使当地处理 Office Art属性表的畸形的对象,这会允许远程攻击者执行任意代码可以借助特制的Office文件,该文件会触发内存破坏,该漏洞又称"内存破坏漏洞"。
英文描述:
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
CWE类型:
CWE-94
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| microsoft | windows_2003_server | * | - | - |
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | * | - | - |
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
|
| microsoft | windows_vista | * | - | - |
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
|
| microsoft | windows_xp | * | - | - |
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
|
| microsoft | .net_framework | 1.1 | - | - |
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
|
| microsoft | .net_framework | 2.0 | - | - |
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
|
| microsoft | internet_explorer | 6 | - | - |
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
|
| microsoft | report_viewer | 2005 | - | - |
cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*
|
| microsoft | report_viewer | 2008 | - | - |
cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*
|
| microsoft | sql_server | 2005 | - | - |
cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
|
| microsoft | sql_server_reporting_services | 2000 | - | - |
cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
|
| microsoft | excel_viewer | 2003 | - | - |
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
|
| microsoft | expression_web | * | - | - |
cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*
|
| microsoft | expression_web | 2 | - | - |
cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*
|
| microsoft | office | 2003 | - | - |
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
|
| microsoft | office | 2007 | - | - |
cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
|
| microsoft | office | xp | - | - |
cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
|
| microsoft | office_compatibility_pack | 2007 | - | - |
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
|
| microsoft | office_excel_viewer | * | - | - |
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
|
| microsoft | office_groove | 2007 | - | - |
cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*
|
| microsoft | office_powerpoint_viewer | * | - | - |
cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*
|
| microsoft | office_powerpoint_viewer | 2007 | - | - |
cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*
|
| microsoft | office_word_viewer | * | - | - |
cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
|
| microsoft | project | 2002 | - | - |
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
|
| microsoft | visio | 2002 | - | - |
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
|
| microsoft | word_viewer | 2003 | - | - |
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
|
| microsoft | works | 8.5 | - | - |
cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*
|
| microsoft | platform_sdk | * | - | - |
cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\+:*:*:*:*:*
|
| microsoft | visual_studio | 2008 | - | - |
cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
|
| microsoft | visual_studio_.net | 2003 | - | - |
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
|
| microsoft | visual_studio_.net | 2005 | - | - |
cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*
|
| microsoft | forefront_client_security | 1.0 | - | - |
cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
|
| microsoft | visual_foxpro | 8.0 | - | - |
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
|
| microsoft | visual_foxpro | 9.0 | - | - |
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
CVSS评分详情
9.3
CRITICAL
CVSS向量:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS版本:
2.0
机密性
COMPLETE
完整性
COMPLETE
可用性
COMPLETE
时间信息
发布时间:
2009-10-14 10:00:00
修改时间:
2024-08-07 05:52:15
创建时间:
2025-11-11 15:33:02
更新时间:
2025-11-11 15:49:39
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2009-2528 |
2025-11-11 15:18:10 | 2025-11-11 07:33:02 |
| NVD | nvd_CVE-2009-2528 |
2025-11-11 14:53:01 | 2025-11-11 07:41:49 |
| CNNVD | cnnvd_CNNVD-200910-228 |
2025-11-11 15:09:07 | 2025-11-11 07:49:39 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:49:39
vulnerability_type: 未提取 → 代码注入; cnnvd_id: 未提取 → CNNVD-200910-228; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 代码注入
- cnnvd_id: 未提取 -> CNNVD-200910-228
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:41:49
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 9.3; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:C/I:C/A:C; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 34; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.3
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 34
- data_sources: ['cve'] -> ['cve', 'nvd']