MicrosoftKB957488KB957488 - MS09-062: Vulnerabilities in GDI+ could allow remote code execution
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
<html><body><p>Resolves vulnerabilities in Microsoft Windows GDI+ that could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content.</p><h2></h2><div><span>Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure youβre running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: <a href=βhttp://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packsβ target=β_selfβ>Support is ending for some versions of Windows</a></span>.</div><h2></h2><div><span>Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure youβre running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: <a href=βhttp://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packsβ target=β_selfβ>Support is ending for some versions of Windows</a></span>.</div><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS09-062. To view the complete security bulletin, visit one of the following Microsoft Web sites:<br /><br /><ul><li>Home users:<br /><div><a href=βhttp://www.microsoft.com/security/updates/bulletins/200910.aspxβ target=β_selfβ>http://www.microsoft.com/security/updates/bulletins/200910.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update Web site now:<br /><div><a href=βhttp://update.microsoft.com/microsoftupdate/β target=β_selfβ>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=βhttp://www.microsoft.com/technet/security/bulletin/ms09-062.mspxβ target=β_selfβ>http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=βhttps://support.microsoft.com/ph/6527β target=β_selfβ>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=βhttp://technet.microsoft.com/security/bb980617.aspxβ target=β_selfβ>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=βhttps://support.microsoft.com/contactus/cu_sc_virsec_masterβ target=β_selfβ>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=βhttps://support.microsoft.com/common/international.aspxβ target=β_selfβ>International Support</a><br /><br /></span></div><h2>More Information</h2><div><h3>Known issues and additional information about this security update</h3><span>For more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:<br /><br /><div><a href=βhttps://support.microsoft.com/en-us/help/958869β>958869 </a> MS09-062: Description of the security update for GDI+ for all editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 and for Windows Server 2000 with Internet Explorer 6 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/970892β>970892 </a> MS09-062: Description of the security update for SQL Server 2005 Service Pack 3 GDR: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/970894β>970894 </a>MS09-062: Description of the security update for SQL Server 2005 Service Pack 3 QFE: October 13, 2009<br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/970895β>970895 </a>MS09-062: Description of the security update for GDI+ for SQL Server 2005 Service Pack 2 GDR: October 13, 2009<br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/970896β>970896 </a>MS09-062: Description of the security update for SQL Server 2005 Service Pack 2 QFE: October 13, 2009<br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/970899β>970899 </a>MS09-062: Description of the security update for GDI+ for SQL Server 2000 Reporting Services Service Pack 2: October 13, 2009<br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971022β>971022 </a> MS09-062: Description of the security update for Microsoft Visual Studio 2003 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971023β>971023 </a> MS09-062: Description of the security update for Microsoft Visual Studio 2005 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971104β>971104 </a> MS09-062: Description of the security update for Microsoft Visual FoxPro 8.0 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971105β>971105 </a> MS09-062: Description of the security update for Microsoft Visual FoxPro 9.0 Service Pack 2: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971108β>971108 </a> MS09-062: Description of the security update for Microsoft .NET Framework 1.1 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971110β>971110 </a> MS09-062: Description of the security update for Microsoft .NET Framework 2.0 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971111β>971111 </a> MS09-062: Description of the security update for Microsoft .NET Framework 2.0 Service Pack 2: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971117β>971117 </a> MS09-062: Description of the security update for Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971118β>971118 </a> MS09-062: Description of the security update for Microsoft Report Viewer 2008 Redistributable Package: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/971119β>971119 </a> MS09-062: Description of the security update for Microsoft Report Viewer 2008 Service Pack 1 Redistributable Package: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/972221β>972221 </a> MS09-062: Description of the security update for Microsoft Visual Studio 2008: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/972222β>972222 </a> MS09-062: Description of the security update for Microsoft Visual Studio 2008 Service Pack 1: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/972580β>972580 </a> MS09-062: Description of the security update for Office 2003: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/972581β>972581 </a> MS09-062: Description of the security update for the 2007 Office system: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/974811β>974811 </a> <br />MS09-062: Description of the security update for Office XP: October 13, 2009<br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/973636β>973636 </a> MS09-062: Description of the security update for Microsoft Works 8: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/975337β>975337 </a> MS09-062: Description of the security update for GDI+ for Microsoft Platform SDK Redistributable: October 13, 2009<br /><br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/975365β>975365 </a>MS09-062: Description of the security update for GDI+ for Microsoft Visio 2002: October 13, 2009<br /></div></span><span><div><a href=βhttps://support.microsoft.com/en-us/help/975962β>975962 </a> MS09-062: Description of the security update for Forefront Client Security on Windows 2000: October 13, 2009<br /><br /></div></span><br /><br /><span>Note</span> In addition to the products listed in the Applies To section, this update also applies to Microsoft Report Viewer Redistributable 2008 SP1.</div></body></html>
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C