CERTA-2004-ALE-011
Vulnerability from certfr_alerte

None

Description

Le CERTA a publié un avis en date du 15 septembre (CERTA-2004-AVI-312) concernant la vulnérabilité GDI+ de Microsoft.

De nombreux programmes exploitant cette vulnérabilité (exploits) sont actuellement disponibles sur l'Internet.

Le CERTA rappelle qu'il est indispensable d'appliquer les correctifs concernant les vulnérabilités des systèmes pour se protéger contre d'éventuelles attaques.

Solution

Appliquer les correctifs proposés par l'éditeur.

None
Impacted products
Vendor Product Description
Microsoft N/A Microsoft Greetings 2002 ;
Microsoft Office Microsoft Producer for Microsoft Office Powerpoint ;
Microsoft N/A Microsoft Visual Studio .NET 2002 , Microsoft Visual Studio .NET 2003 ;
Microsoft Windows Microsoft Windows XP 64-Bit Edition SP1, Microsoft Windows XP 64-Bit Edition 2003 ;
Microsoft N/A Microsoft .NET Framework version 1.0 SP2, Microsoft .NET Framework version 1.1.
Microsoft Windows Microsoft Windows XP, Microsoft Windows XP SP1 ;
Microsoft N/A Internet Explorer 6 SP1 ;
Microsoft N/A Microsoft Digital Image Pro version 7.0, Microsoft Digital Image Pro version 9 ;
Microsoft N/A Microsoft .NET Framework version 1.0 SDK SP2 ;
Microsoft N/A Microsoft Plateform SDK redistributable: GDI+ ;
Microsoft Windows Microsoft Windows server 2003, Microsoft Windows Server 2003 64-Bit Edition ;
Microsoft N/A Microsoft Digital Image Suite version 9 ;
Microsoft N/A Microsoft Visio 2002 SP2, Microsoft Visio 2003 ;
Microsoft N/A Microsoft Picture IT! 2002, Microsoft Picture IT! version 7.0, Microsoft Picture IT! version 9.0 ;
Microsoft N/A Microsoft Project 2002 SP1, Microsoft Project 2003 ;
Microsoft Office Microsoft Office XP SP3, Microsoft Office 2003 ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Greetings 2002 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Producer for Microsoft Office Powerpoint ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio .NET 2002 , Microsoft Visual Studio .NET 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP 64-Bit Edition SP1, Microsoft Windows XP 64-Bit Edition 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework version 1.0 SP2, Microsoft .NET Framework version 1.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP, Microsoft Windows XP SP1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Digital Image Pro version 7.0, Microsoft Digital Image Pro version 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework version 1.0 SDK SP2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Plateform SDK redistributable: GDI+ ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows server 2003, Microsoft Windows Server 2003 64-Bit Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Digital Image Suite version 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2002 SP2, Microsoft Visio 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Picture IT! 2002, Microsoft Picture IT! version 7.0, Microsoft Picture IT! version 9.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Project 2002 SP1, Microsoft Project 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP SP3, Microsoft Office 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2004-09-23",
  "content": "## Description\n\nLe CERTA a publi\u00e9 un avis en date du 15 septembre (CERTA-2004-AVI-312)\nconcernant la vuln\u00e9rabilit\u00e9 GDI+ de Microsoft.  \n\nDe nombreux programmes exploitant cette vuln\u00e9rabilit\u00e9 (exploits) sont\nactuellement disponibles sur l\u0027Internet.  \n\nLe CERTA rappelle qu\u0027il est indispensable d\u0027appliquer les correctifs\nconcernant les vuln\u00e9rabilit\u00e9s des syst\u00e8mes pour se prot\u00e9ger contre\nd\u0027\u00e9ventuelles attaques.  \n\n## Solution\n\nAppliquer les correctifs propos\u00e9s par l\u0027\u00e9diteur.\n",
  "cves": [],
  "initial_release_date": "2004-09-23T00:00:00",
  "last_revision_date": "2004-09-23T00:00:00",
  "links": [
    {
      "title": "Avis du CERTA CERTA-2004-AVI-312 du 15 septembre 2004 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2004-AVI-312/index.html"
    }
  ],
  "reference": "CERTA-2004-ALE-011",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Diffusion de programmes exploitant la faille GDI+",
  "vendor_advisories": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.