Vulnerabilities > CVE-2007-1213 - Access of Uninitialized Pointer vulnerability in Microsoft Windows 2000
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description MS Windows GDI Local Privilege Escalation Exploit (MS07-017). CVE-2006-5586,CVE-2006-5758,CVE-2007-0038,CVE-2007-1211,CVE-2007-1212,CVE-2007-1213,CVE-2007-12... id EDB-ID:3688 last seen 2016-01-31 modified 2007-04-08 published 2007-04-08 reporter Ivanlef0u source https://www.exploit-db.com/download/3688/ title Microsoft Windows GDI - Local Privilege Escalation Exploit MS07-017 description MS Windows GDI Local Privilege Escalation Exploit (MS07-017) 2. CVE-2006-5586,CVE-2006-5758,CVE-2007-0038,CVE-2007-1211,CVE-2007-1212,CVE-2007-1213,CVE-2007-... id EDB-ID:3755 last seen 2016-01-31 modified 2007-04-17 published 2007-04-17 reporter Lionel d'Hauenens source https://www.exploit-db.com/download/3755/ title Microsoft Windows GDI - Local Privilege Escalation Exploit MS07-017 2 description MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017). CVE-2006-5586,CVE-2006-5758,CVE-2007-0038,CVE-2007-1211,CVE-2007-1212,CVE-2007-1213,C... id EDB-ID:3804 last seen 2016-01-31 modified 2007-04-26 published 2007-04-26 reporter Lionel d'Hauenens source https://www.exploit-db.com/download/3804/ title Microsoft Windows - .ANI GDI Remote Elevation of Privilege Exploit MS07-017
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-017.NASL |
description | The remote host is running a version of Windows with a bug in the Animated Cursor (ANI) handling routine that could allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting a rogue web site. Additionally, the system is vulnerable to : - Local Privilege Elevation (GDI, EMF, Font Rasterizer) - Denial of Service (WMF) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24911 |
published | 2007-04-03 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24911 |
title | MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
code |
|
Oval
accepted | 2011-05-09T04:01:20.612-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:1797 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2007-04-09T09:49:32 | ||||||||||||
title | Font Rasterizer Vulnerability | ||||||||||||
version | 72 |
References
- http://www.securityfocus.com/bid/23276
- http://www.securitytracker.com/id?1017845
- http://www.vupen.com/english/advisories/2007/1215
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1797
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
- http://www.securityfocus.com/archive/1/466186/100/200/threaded