CVE-2007-2217 - OpenCVE

Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kodak	Image Viewer
Microsoft	Windows 2000 Windows 2003 Server Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

cpe:2.3:a:kodak:image_viewer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/27092
http://securitytracker.com/id?1018784
http://www.kb.cert.org/vuls/id/180345
http://www.securityfocus.com/archive/1/482366/100/0/threaded
http://www.securityfocus.com/bid/25909
http://www.us-cert.gov/cas/techalerts/TA07-282A.html
http://www.vupen.com/english/advisories/2007/3435
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055
https://exchange.xforce.ibmcloud.com/vulnerabilities/36799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481
https://www.exploit-db.com/exploits/4584

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-10-09T22:00:00

Updated: 2024-08-07T13:23:51.082Z

Reserved: 2007-04-24T00:00:00

Link: CVE-2007-2217

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-09T22:17:00.000

Modified: 2018-10-16T16:42:32.647

Link: CVE-2007-2217

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS07-055", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"name": "25909", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25909"}, {"name": "4584", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4584"}, {"name": "HPSBST02280", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "SSRT071480", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1481", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"name": "27092", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27092"}, {"name": "win-kodak-image-code-execution(36799)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"name": "1018784", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018784"}, {"name": "VU#180345", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/180345"}, {"name": "TA07-282A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"name": "ADV-2007-3435", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3435"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-2217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS07-055", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"name": "25909", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25909"}, {"name": "4584", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4584"}, {"name": "HPSBST02280", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "SSRT071480", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1481", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"name": "27092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27092"}, {"name": "win-kodak-image-code-execution(36799)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"name": "1018784", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018784"}, {"name": "VU#180345", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/180345"}, {"name": "TA07-282A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"name": "ADV-2007-3435", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3435"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:51.082Z"}, "title": "CVE Program Container", "references": [{"name": "MS07-055", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"name": "25909", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25909"}, {"name": "4584", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4584"}, {"name": "HPSBST02280", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "SSRT071480", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1481", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"name": "27092", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27092"}, {"name": "win-kodak-image-code-execution(36799)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"name": "1018784", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018784"}, {"name": "VU#180345", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/180345"}, {"name": "TA07-282A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"name": "ADV-2007-3435", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3435"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-2217", "datePublished": "2007-10-09T22:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2024-08-07T13:23:51.082Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:kodak:image_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "930E0F62-AEF2-4769-9529-41EBC42E8174", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."}, {"lang": "es", "value": "En Kodak Image Viewer en Microsoft Windows 2000 SP4, y en algunos casos XP SP2 y Server 2003 SP1 y SP2, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de archivos de imagen creados que desencadenan da\u00f1os en la memoria, como lo demuestra un determinado archivo .tif (TIFF)."}], "id": "CVE-2007-2217", "lastModified": "2018-10-16T16:42:32.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-09T22:17:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27092"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1018784"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/180345"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/25909"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3435"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"}, {"source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/4584"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}