Vulnerabilities > CVE-2007-1215 - Local Privilege Escalation vulnerability in Microsoft Windows Graphics Rendering Engine GDI
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 14 |
Exploit-Db
description MS Windows GDI Local Privilege Escalation Exploit (MS07-017). CVE-2006-5586,CVE-2006-5758,CVE-2007-0038,CVE-2007-1211,CVE-2007-1212,CVE-2007-1213,CVE-2007-12... id EDB-ID:3688 last seen 2016-01-31 modified 2007-04-08 published 2007-04-08 reporter Ivanlef0u source https://www.exploit-db.com/download/3688/ title Microsoft Windows GDI - Local Privilege Escalation Exploit MS07-017 description MS Windows GDI Local Privilege Escalation Exploit (MS07-017) 2. CVE-2006-5586,CVE-2006-5758,CVE-2007-0038,CVE-2007-1211,CVE-2007-1212,CVE-2007-1213,CVE-2007-... id EDB-ID:3755 last seen 2016-01-31 modified 2007-04-17 published 2007-04-17 reporter Lionel d'Hauenens source https://www.exploit-db.com/download/3755/ title Microsoft Windows GDI - Local Privilege Escalation Exploit MS07-017 2 description MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017). CVE-2006-5586,CVE-2006-5758,CVE-2007-0038,CVE-2007-1211,CVE-2007-1212,CVE-2007-1213,C... id EDB-ID:3804 last seen 2016-01-31 modified 2007-04-26 published 2007-04-26 reporter Lionel d'Hauenens source https://www.exploit-db.com/download/3804/ title Microsoft Windows - .ANI GDI Remote Elevation of Privilege Exploit MS07-017
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-017.NASL |
description | The remote host is running a version of Windows with a bug in the Animated Cursor (ANI) handling routine that could allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting a rogue web site. Additionally, the system is vulnerable to : - Local Privilege Elevation (GDI, EMF, Font Rasterizer) - Denial of Service (WMF) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24911 |
published | 2007-04-03 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24911 |
title | MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
code |
|
Oval
accepted | 2011-05-09T04:01:23.569-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | ||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:1927 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2007-04-09T09:49:32 | ||||||||||||||||||||||||
title | GDI Incorrect Parameter Local Elevation of Privilege Vulnerability | ||||||||||||||||||||||||
version | 74 |
References
- http://www.securityfocus.com/archive/1/466186/100/200/threaded
- http://www.securityfocus.com/bid/23273
- http://www.securitytracker.com/id?1017847
- http://www.vupen.com/english/advisories/2007/1215
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927