CVE-2007-2237 - Divide By Zero vulnerability in Microsoft Windows XP
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
- description: Microsoft Windows XP GDI+ ICO File Remote Denial of Service Vulnerability. CVE-2007-2237. Dos exploit for windows platform
- id: EDB-ID:30160
- last seen: 2016-02-03
- modified: 2007-06-06
- published: 2007-06-06
- reporter: Dennis Rand
- source: https://www.exploit-db.com/download/30160/
- title: Microsoft Windows XP - GDI+ ICO File Remote Denial of Service Vulnerability

- id: EDB-ID:4044
Seebug
- bulletinFamily: exploit
- description: No description provided by source.
- id: SSV:6915
- last seen: 2017-11-19
- modified: 2007-06-08
- published: 2007-06-08
- reporter: Root
- source: https://www.seebug.org/vuldb/ssvid-6915
- title: MS Windows GDI+ ICO File Remote Denial of Service Exploit

- bulletinFamily: exploit
- description: No description provided by source.
- id: SSV:64746
- last seen: 2017-11-19
- modified: 2014-07-01
- published: 2014-07-01
- reporter: Root
- source: https://www.seebug.org/vuldb/ssvid-64746
- title: MS Windows GDI+ ICO File - Remote Denial of Service Exploit
References
- http://www.csis.dk/dk/forside/GdiPlus.pdf
- http://www.kb.cert.org/vuls/id/290961
- http://www.securityfocus.com/bid/24346
- http://www.securitytracker.com/id?1018202
- http://www.vupen.com/english/advisories/2007/2083
- http://osvdb.org/38494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34743
- https://www.exploit-db.com/exploits/4044
- http://www.securityfocus.com/archive/1/470746/100/0/threaded