PT-2009-4911 · Microsoft · Sql Server 2000 Reporting Services+29

Published: 2009-10-14 · Updated: 2023-12-07 · CVE-2009-2504

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 1.1 SP1 through 2.0 SP2
Windows XP versions SP2 through SP3
Windows Server 2003 version SP2
Windows Vista versions Gold through SP1
Windows Server 2008 version Gold
Microsoft Office XP version SP3
Microsoft Office 2003 version SP3
2007 Microsoft Office System versions SP1 through SP2
Microsoft Office Project 2002 version SP1
Microsoft Visio 2002 version SP2
Microsoft Office Word Viewer
Microsoft Word Viewer 2003 versions Gold through SP3
Microsoft Office Excel Viewer 2003 versions Gold through SP3
Microsoft Office Excel Viewer
Microsoft Office PowerPoint Viewer 2007 versions Gold through SP2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Groove 2007 versions Gold through SP1
Microsoft Works 8.5
Microsoft SQL Server 2000 Reporting Services version SP2
Microsoft SQL Server 2005 versions SP2 through SP3
Microsoft Report Viewer 2005 version SP1
Microsoft Report Viewer 2008 versions Gold through SP1
Microsoft Forefront Client Security 1.0
Description

A remote code execution issue exists in GDI+ that can allow a malicious Microsoft .NET application to gain unmanaged code execution privileges. This issue can be exploited via a crafted XAML browser application (XBAP), a crafted ASP.NET application, or a crafted .NET Framework application. Microsoft .NET applications that are not malicious are not at risk of being compromised because of this issue.
Recommendations

For Microsoft .NET Framework versions 1.1 SP1 through 2.0 SP2, update to a newer version to mitigate the risk.
For Windows XP versions SP2 through SP3, apply the patch provided by Microsoft to resolve the issue.
For Windows Server 2003 version SP2, apply the patch provided by Microsoft to resolve the issue.
For Windows Vista versions Gold through SP1, apply the patch provided by Microsoft to resolve the issue.
For Windows Server 2008 version Gold, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office XP version SP3, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office 2003 version SP3, apply the patch provided by Microsoft to resolve the issue.
For 2007 Microsoft Office System versions SP1 through SP2, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office Project 2002 version SP1, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Visio 2002 version SP2, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office Word Viewer, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Word Viewer 2003 versions Gold through SP3, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office Excel Viewer 2003 versions Gold through SP3, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office Excel Viewer, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office PowerPoint Viewer 2007 versions Gold through SP2, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats versions SP1 through SP2, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Expression Web, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Expression Web 2, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Groove 2007 versions Gold through SP1, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Works 8.5, apply the patch provided by Microsoft to resolve the issue.
For Microsoft SQL Server 2000 Reporting Services version SP2, apply the patch provided by Microsoft to resolve the issue.
For Microsoft SQL Server 2005 versions SP2 through SP3, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Report Viewer 2005 version SP1, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Report Viewer 2008 versions Gold through SP1, apply the patch provided by Microsoft to resolve the issue.
For Microsoft Forefront Client Security 1.0, apply the patch provided by Microsoft to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-2504

Affected Products

.Net Framework
2007 Microsoft Office System
Expression Web
Expression Web 2
Forefront Client Security
Groove 2007
Sql Server
Office
Office 2003
Office Compatibility Pack
Office Excel Viewer
Office Excel Viewer 2003
Office Powerpoint Viewer 2007
Office Project
Office Project 2002
Office Visio
Office Word Viewer
Office Xp
Report Viewer 2005
Report Viewer 2008
Sql Server 2000 Reporting Services
Sql Server 2005
Visio 2002
Windows
Windows Server 2003
Windows Server 2008
Windows Vista
Windows Xp
Word Viewer 2003
Works 8.5