CVE-2007-2217
Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
En Kodak Image Viewer en Microsoft Windows 2000 SP4, y en algunos casos XP SP2 y Server 2003 SP1 y SP2, permite que los atacantes remotos ejecuten código arbitrario por medio de archivos de imagen creados que desencadenan daños en la memoria, como lo demuestra un determinado archivo .tif (TIFF).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-04-24 CVE Reserved
- 2007-10-09 CVE Published
- 2007-11-11 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1018784 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/180345 | Third Party Advisory |
|
| http://www.us-cert.gov/cas/techalerts/TA07-282A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36799 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4584 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/4616 | 2007-11-11 | |
| http://www.securityfocus.com/bid/25909 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27092 | 2018-10-16 | |
| http://www.securityfocus.com/archive/1/482366/100/0/threaded | 2018-10-16 | |
| http://www.vupen.com/english/advisories/2007/3435 | 2018-10-16 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kodak Search vendor "Kodak" | Image Viewer Search vendor "Kodak" for product "Image Viewer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
| Kodak Search vendor "Kodak" | Image Viewer Search vendor "Kodak" for product "Image Viewer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp1 |
Safe
|
| Kodak Search vendor "Kodak" | Image Viewer Search vendor "Kodak" for product "Image Viewer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | * | sp2 |
Safe
|
| Kodak Search vendor "Kodak" | Image Viewer Search vendor "Kodak" for product "Image Viewer" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|