To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle. Other versions or editions are either past their support life cycle or are not affected. The following software have been tested to determine which versions or editions are affected. The article also documents recommended solutions for these issues. Microsoft Knowledge Base Article 954593 documents the currently known issues that customers may experience when installing this security update.
Microsoft recommends that customers apply the update immediately. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. The security update addresses the vulnerabilities by modifying the way that GDI+ handles viewing malformed images. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update is rated Important for all supported editions of Microsoft Office XP Microsoft Office 2003 all affected Office Viewer software for Microsoft Office 2003 2007 Microsoft Office System all affected Office Viewer software for 2007 Microsoft Office System Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Expression Web 2, Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1 Microsoft Office Project 2002 Microsoft Visio 2002 Microsoft Office PowerPoint Viewer 2003 Microsoft Works 8 and Microsoft Forefront Client Security 1.0.
This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. Version: 4.0 General Information Executive Summary Published: Septem| Updated: March 10, 2009 Security Bulletin Microsoft Security Bulletin MS08-052 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)