ID |
CVE-2007-1215
|
Summary |
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
|
CVSS |
Base: | 7.2 (as of 16-10-2018 - 16:37) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2011-05-09T04:01:23.569-04:00 | class | vulnerability | contributors | name | Sudhir Gandhe | organization | Secure Elements, Inc. |
name | Robert L. Hollis | organization | ThreatGuard, Inc. |
name | Shane Shaffer | organization | G2, Inc. |
| definition_extensions | comment | Microsoft Windows 2000 SP4 or later is installed | oval | oval:org.mitre.oval:def:229 |
comment | Microsoft Windows XP SP2 or later is installed | oval | oval:org.mitre.oval:def:521 |
comment | Microsoft Windows Server 2003 (x86) Gold is installed | oval | oval:org.mitre.oval:def:165 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
comment | Microsoft Windows Vista is installed | oval | oval:org.mitre.oval:def:228 |
| description | Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | family | windows | id | oval:org.mitre.oval:def:1927 | status | accepted | submitted | 2007-04-09T09:49:32 | title | GDI Incorrect Parameter Local Elevation of Privilege Vulnerability | version | 77 |
|
refmap
via4
|
bid | 23273 | hp | | sectrack | 1017847 | vupen | ADV-2007-1215 |
|
Last major update |
16-10-2018 - 16:37 |
Published |
04-04-2007 - 16:19 |
Last modified |
16-10-2018 - 16:37 |