Home / bulletins MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) - Version:2.0
Posted on 28 October 2009
There is an newer version: MS09-062 - Version: 2.2
CriticalSeverity Rating: Critical - Revision Note: V2.0 (October 28, 2009): Added Microsoft Office Visio Viewer 2007, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2 as affected software, and added SQL Server 2008 and SQL Server 2008 Service Pack 1 to the Non-Affected Software table. Also added notes to the Affected Software table for SQL Server 2005 customers with a Reporting Services SharePoint dependency; corrected the MBSA detection entries for Microsoft Report Viewer; and corrected the log file and registry key verification information for Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4.Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other versions
- MS09-062 - Version: 2.0
- MS09-062 - Version: 2.1
- MS09-062 - Version: 1.0
- MS09-062 - Version: 1.1
- MS09-062 - Version: 2.2
