CERTA-2004-ALE-011

Vulnerability from certfr_alerte - Published: - Updated:

None

Description

Le CERTA a publié un avis en date du 15 septembre (CERTA-2004-AVI-312) concernant la vulnérabilité GDI+ de Microsoft.

De nombreux programmes exploitant cette vulnérabilité (exploits) sont actuellement disponibles sur l'Internet.

Le CERTA rappelle qu'il est indispensable d'appliquer les correctifs concernant les vulnérabilités des systèmes pour se protéger contre d'éventuelles attaques.

Solution

Appliquer les correctifs proposés par l'éditeur.

None
Impacted products
Vendor Product Description
Microsoft N/A Microsoft Greetings 2002 ;
Microsoft N/A Microsoft Visual Studio .NET 2002 , Microsoft Visual Studio .NET 2003 ;
Microsoft N/A Microsoft .NET Framework version 1.0 SP2, Microsoft .NET Framework version 1.1.
Microsoft N/A Internet Explorer 6 SP1 ;
Microsoft N/A Microsoft Digital Image Pro version 7.0, Microsoft Digital Image Pro version 9 ;
Microsoft Office Microsoft Producer for Microsoft Office Powerpoint ;
Microsoft Office Microsoft Office XP SP3, Microsoft Office 2003 ;
Microsoft Windows Microsoft Windows XP 64-Bit Edition SP1, Microsoft Windows XP 64-Bit Edition 2003 ;
Microsoft Windows Microsoft Windows XP, Microsoft Windows XP SP1 ;
Microsoft Windows Microsoft Windows server 2003, Microsoft Windows Server 2003 64-Bit Edition ;
Microsoft N/A Microsoft .NET Framework version 1.0 SDK SP2 ;
Microsoft N/A Microsoft Plateform SDK redistributable: GDI+ ;
Microsoft N/A Microsoft Digital Image Suite version 9 ;
Microsoft N/A Microsoft Visio 2002 SP2, Microsoft Visio 2003 ;
Microsoft N/A Microsoft Picture IT! 2002, Microsoft Picture IT! version 7.0, Microsoft Picture IT! version 9.0 ;
Microsoft N/A Microsoft Project 2002 SP1, Microsoft Project 2003 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Greetings 2002 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio .NET 2002 , Microsoft Visual Studio .NET 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework version 1.0 SP2, Microsoft .NET Framework version 1.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Digital Image Pro version 7.0, Microsoft Digital Image Pro version 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Producer for Microsoft Office Powerpoint ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP SP3, Microsoft Office 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP 64-Bit Edition SP1, Microsoft Windows XP 64-Bit Edition 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP, Microsoft Windows XP SP1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows server 2003, Microsoft Windows Server 2003 64-Bit Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework version 1.0 SDK SP2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Plateform SDK redistributable: GDI+ ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Digital Image Suite version 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2002 SP2, Microsoft Visio 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Picture IT! 2002, Microsoft Picture IT! version 7.0, Microsoft Picture IT! version 9.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Project 2002 SP1, Microsoft Project 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2004-09-23",
  "content": "## Description\n\nLe CERTA a publi\u00e9 un avis en date du 15 septembre (CERTA-2004-AVI-312)\nconcernant la vuln\u00e9rabilit\u00e9 GDI+ de Microsoft.  \n\nDe nombreux programmes exploitant cette vuln\u00e9rabilit\u00e9 (exploits) sont\nactuellement disponibles sur l\u0027Internet.  \n\nLe CERTA rappelle qu\u0027il est indispensable d\u0027appliquer les correctifs\nconcernant les vuln\u00e9rabilit\u00e9s des syst\u00e8mes pour se prot\u00e9ger contre\nd\u0027\u00e9ventuelles attaques.  \n\n## Solution\n\nAppliquer les correctifs propos\u00e9s par l\u0027\u00e9diteur.\n",
  "cves": [],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2004-AVI-312 du 15 septembre 2004 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2004-AVI-312/index.html"
    }
  ],
  "reference": "CERTA-2004-ALE-011",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Diffusion de programmes exploitant la faille GDI+",
  "vendor_advisories": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.