Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
Information | |||
---|---|---|---|
Name | MS07-017 | First vendor Publication | 2007-04-03 |
Vendor | Microsoft | Last vendor Modification | 2008-12-09 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.1 (December 9, 2008): Bulletin updated to add an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, about a minor revision of the Windows Server 2003 package. Customers who have already successfully applied the previous update need not take any action.

Summary: This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1385 | |||
Oval ID: | oval:org.mitre.oval:def:1385 | ||
Title: | GDI Invalid Window Size Elevation of Privilege Vulnerability | ||
Description: | The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-5586 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1571 | |||
Oval ID: | oval:org.mitre.oval:def:1571 | ||
Title: | WMF Denial of Service Vulnerability | ||
Description: | Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1211 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1797 | |||
Oval ID: | oval:org.mitre.oval:def:1797 | ||
Title: | Font Rasterizer Vulnerability | ||
Description: | The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1213 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1854 | |||
Oval ID: | oval:org.mitre.oval:def:1854 | ||
Title: | Windows Animated Cursor Remote Code Execution Vulnerability | ||
Description: | Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0038 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1923 | |||
Oval ID: | oval:org.mitre.oval:def:1923 | ||
Title: | EMF Elevation of Privilege Vulnerability | ||
Description: | Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1212 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1927 | |||
Oval ID: | oval:org.mitre.oval:def:1927 | ||
Title: | GDI Incorrect Parameter Local Elevation of Privilege Vulnerability | ||
Description: | Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1215 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:2056 | |||
Oval ID: | oval:org.mitre.oval:def:2056 | ||
Title: | GDI Local Elevation of Privilege Vulnerability | ||
Description: | The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-5758 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | |
SAINT Exploits
Description |
---|
Windows Animated Cursor Header buffer overflow |
Windows GDI Privilege Elevation |
ExploitDB Exploits
Date | Description |
---|---|
2010-09-20 | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) |
2010-08-12 | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) |
2007-04-26 | MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017) |
2007-04-17 | MS Windows GDI - Local Privilege Escalation Exploit (MS07-017) (2) |
2007-04-08 | MS Windows GDI - Local Privilege Escalation Exploit (MS07-017) |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-14 | Name : Vulnerabilities in GDI Could Allow Remote Code Execution (925902) File : nvt/gb_ms07-017.nasl |
2010-07-08 | Name : Microsoft Windows GDI Multiple Vulnerabilities (925902) File : nvt/ms07-017.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34099 | Microsoft Windows TrueType Fonts Rasterizer Local Privilege Escalation |
34098 | Microsoft Windows GDI Functions Windows Metafile (WMF) Handling DoS |
34097 | Microsoft Windows GDI Enhanced Metafile (EMF) Handling Local Privilege Escala... |
34096 | Microsoft Windows GDI Invalid Window Size Local Privilege Escalation |
34095 | Microsoft Windows GDI Crafted Image Local Privilege Escalation |
33629 | Microsoft IE Animated Cursor (.ani) Handling Arbitrary Command Execution: A remote overflow exists in Microsoft Internet Explorer. The browser fails to check the buffer on animated cursors and icons resulting in a stack buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. |
30214 | Microsoft Windows GDI Kernel Structure Modification Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-04-03 | IAVM : 2007-A-0020 - Multiple Vulnerabilities in Microsoft Windows GDI Severity : Category I - VMSKEY : V0013883 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer ANI file parsing buffer overflow attempt RuleID : 3079-community - Revision : 25 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer ANI file parsing buffer overflow attempt RuleID : 3079 - Revision : 25 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer ani file processing - remote code execution attempt RuleID : 19886 - Revision : 5 - Type : BROWSER-IE |
Metasploit Database
Date | Description |
---|---|
2007-03-28 | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) |
2007-03-28 | Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-04-03 | Name : Arbitrary code can be executed on the remote host through the email client or... File : smb_nt_ms07-017.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:12 | |
2016-06-28 20:09:25 | |
2014-02-17 11:45:38 | |
2014-01-19 21:30:04 | |
2013-11-11 12:41:05 | |