CVE Vulnerability

CVE-2007-3034

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.us-cert.gov/cas/techalerts/TA07-226A.html US Government Resource
http://www.kb.cert.org/vuls/id/640136 US Government Resource
http://www.securityfocus.com/bid/25302 Patch
http://www.securitytracker.com/id?1018563
http://secunia.com/advisories/26423 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2870 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2088
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-046
http://www.securityfocus.com/archive/1/476505/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Information

Published : 2007-08-14 09:17

Updated : 2019-02-26 02:04

NVD link : CVE-2007-3034

Mitre link : CVE-2007-3034

Products Affected
No products.
CWE
CWE-189