CVE-2008-3209 - OpenCVE

Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackice	Black Ice Document Imaging Sdk

Configuration 1 [-]

cpe:2.3:a:blackice:black_ice_document_imaging_sdk:10.95:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/31095
http://securityreason.com/securityalert/4012
http://www.securityfocus.com/bid/30243
https://exchange.xforce.ibmcloud.com/vulnerabilities/43830
https://www.exploit-db.com/exploits/6083

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-18T15:00:00

Updated: 2024-08-07T09:28:41.670Z

Reserved: 2008-07-18T00:00:00

Link: CVE-2008-3209

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-07-18T15:13:00.000

Modified: 2017-09-29T01:31:34.880

Link: CVE-2008-3209

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4012", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4012"}, {"name": "6083", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6083"}, {"name": "30243", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30243"}, {"name": "31095", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31095"}, {"name": "blackice-opengiffile-bo(43830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43830"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4012", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4012"}, {"name": "6083", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6083"}, {"name": "30243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30243"}, {"name": "31095", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31095"}, {"name": "blackice-opengiffile-bo(43830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43830"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:28:41.670Z"}, "title": "CVE Program Container", "references": [{"name": "4012", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4012"}, {"name": "6083", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6083"}, {"name": "30243", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30243"}, {"name": "31095", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31095"}, {"name": "blackice-opengiffile-bo(43830)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43830"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3209", "datePublished": "2008-07-18T15:00:00", "dateReserved": "2008-07-18T00:00:00", "dateUpdated": "2024-08-07T09:28:41.670Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackice:black_ice_document_imaging_sdk:10.95:*:*:*:*:*:*:*", "matchCriteriaId": "3D4299D1-5CD2-4D20-9A97-2AE42D4BAC84", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n OpenGifFile de BiGif.dll en Black Ice Document Imaging SDK 10.95 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un argumento del m\u00e9todo GetNumberOfImagesInGifFile con una cadena excesivamente larga en el control ActiveX BIImgFrm Control en biimgfrm.ocx. NOTA: Algunos de estos detalles se obtienen a partir de informaci\u00f3n de terceros."}], "id": "CVE-2008-3209", "lastModified": "2017-09-29T01:31:34.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-07-18T15:13:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31095"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4012"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30243"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43830"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6083"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}