CVE-2007-2217 - OpenCVE

Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Xp Windows 2000 Windows 2003 Server
Kodak	Image Viewer

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

cpe:2.3:a:kodak:image_viewer:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/27092	Vendor Advisory
http://securitytracker.com/id?1018784
http://www.kb.cert.org/vuls/id/180345	US Government Resource
http://www.securityfocus.com/archive/1/482366/100/0/threaded
http://www.securityfocus.com/bid/25909	Exploit Patch
http://www.us-cert.gov/cas/techalerts/TA07-282A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/3435	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055
https://exchange.xforce.ibmcloud.com/vulnerabilities/36799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481
https://www.exploit-db.com/exploits/4584

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2007-10-09T22:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-04-24T00:00:00

Link: CVE-2007-2217

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-09T22:17:00.000

Modified: 2018-10-16T16:42:32.647

Link: CVE-2007-2217

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS07-055", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"name": "25909", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25909"}, {"name": "4584", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4584"}, {"name": "HPSBST02280", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "SSRT071480", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1481", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"name": "27092", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27092"}, {"name": "win-kodak-image-code-execution(36799)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"name": "1018784", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018784"}, {"name": "VU#180345", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/180345"}, {"name": "TA07-282A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"name": "ADV-2007-3435", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3435"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-2217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS07-055", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"name": "25909", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25909"}, {"name": "4584", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4584"}, {"name": "HPSBST02280", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "SSRT071480", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1481", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"name": "27092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27092"}, {"name": "win-kodak-image-code-execution(36799)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"name": "1018784", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018784"}, {"name": "VU#180345", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/180345"}, {"name": "TA07-282A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"name": "ADV-2007-3435", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3435"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-2217", "datePublished": "2007-10-09T22:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:kodak:image_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "930E0F62-AEF2-4769-9529-41EBC42E8174", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."}, {"lang": "es", "value": "En Kodak Image Viewer en Microsoft Windows 2000 SP4, y en algunos casos XP SP2 y Server 2003 SP1 y SP2, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de archivos de imagen creados que desencadenan da\u00f1os en la memoria, como lo demuestra un determinado archivo .tif (TIFF)."}], "id": "CVE-2007-2217", "lastModified": "2018-10-16T16:42:32.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-09T22:17:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27092"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1018784"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/180345"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/25909"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3435"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/4584"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}