Unrated severityNVD Advisory· Published Oct 14, 2009· Updated Apr 23, 2026

CVE-2009-2528

Description

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Affected products

Microsoft/Visual Foxpro2 versions
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
Microsoft/Windows 2003 Server3 versions
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
Microsoft/Windows Server 20083 versions
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Microsoft/Windows Vista3 versions
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Microsoft/Windows Xp3 versions
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Microsoft/.net Framework3 versions
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Microsoft/Internet Explorer
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Microsoft/Report Viewer3 versions
cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*
- cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*
- cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*
Microsoft/Sql Server6 versions
cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*
Microsoft/Sql Server Reporting Services
cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
Microsoft/Excel Viewer2 versions
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*
Microsoft/Expression Web2 versions
cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*
Microsoft/Office4 versions
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
Microsoft/Office Compatibility Pack2 versions
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
Microsoft/Office Excel Viewer
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
Microsoft/Office Groove2 versions
cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*
Microsoft/Office Powerpoint Viewer3 versions
cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*
Microsoft/Office Word Viewer
cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
Microsoft/Project
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
Microsoft/Visio
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
Microsoft/Word Viewer2 versions
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*
Microsoft/Works
cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*
Microsoft/Platform Sdk
cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\+:*:*:*:*:*
Microsoft/Visual Studio2 versions
cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
Microsoft/Visual Studio .net2 versions
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*
Microsoft/Forefront Client Security
cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.027
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000