FKIE_CVE-2007-2217

Vulnerability from fkie_nvd - Published: 2007-10-09 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
References
secure@microsoft.comhttp://secunia.com/advisories/27092Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1018784
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/180345US Government Resource
secure@microsoft.comhttp://www.securityfocus.com/archive/1/482366/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/25909Exploit, Patch
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-282A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/3435Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/36799
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481
secure@microsoft.comhttps://www.exploit-db.com/exploits/4584
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27092Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018784
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/180345US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482366/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25909Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-282A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3435Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36799
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4584
Impacted products
Vendor Product Version
microsoft windows_2000 *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_xp *
kodak image_viewer *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kodak:image_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "930E0F62-AEF2-4769-9529-41EBC42E8174",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file."
    },
    {
      "lang": "es",
      "value": "En Kodak Image Viewer en Microsoft Windows 2000 SP4, y en algunos casos XP SP2 y Server 2003 SP1 y SP2, permite que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de archivos de imagen creados que desencadenan da\u00f1os en la memoria, como lo demuestra un determinado archivo .tif (TIFF)."
    }
  ],
  "id": "CVE-2007-2217",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-09T22:17:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27092"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1018784"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/180345"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25909"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3435"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/4584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/180345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4584"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.