CVE-2004-0200

CVE Database · CVE-2004-0200

CVE-2004-0200

· N/AModified

CVSS v3.1

N/A

EPSS

49.02%

Published

Sep 28, 2004

Modified

Apr 15, 2026

Public PoC / Exploit (7)

All weaponized →

Exploit-DBMicrosoft Windows - JPEG Processing Buffer Overrun (MS04-028)Exploit-DBMicrosoft Windows - JPEG GDI+ Bind/Reverse/Admin/File Download Exploit-DBMicrosoft Windows - JPEG GDI+ Overflow Administrator (MS04-028)Exploit-DBMicrosoft Windows - JPEG GDI+ Overflow Download Shellcode (MS04-028)Exploit-DBMicrosoft Windows - JPEG GDI+ Overflow Shellcode Exploit-DBMicrosoft Windows - JPEG GDI+ Remote Heap Overflow (MS04-028)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.

Affected Products (43)

microsoft · .net_frameworkvulnerable

microsoft · digital_image_provulnerable

microsoft · digital_image_suitevulnerable

microsoft · excelvulnerable

microsoft · frontpagevulnerable

microsoft · greetingsvulnerable

microsoft · infopathvulnerable