Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Windows GDI (Graphics Device Interface) enables applications to use graphics and formatted text on both video displays and printers. GDI can be used to handle bitmaps, metafiles, and fonts. Microsoft Windows GDI contains an integer overflow vulnerability in the AttemptWrite()
function. This integer overflow leads to a heap overflow.
By convincing a user to view a specially crafted metafile, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
This vulnerability is addressed by Microsoft Security Bulletin MS07-046. This bulletin provides an updated version of GDI.
640136
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 14, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability is addressed by Microsoft Security Bulletin MS07-046. This bulletin provides an updated version of GDI.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23640136 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Microsoft for reporting this vulnerability, who in turn credit eEye Digital Security.
This document was written by Will Dormann.
CVE IDs: | CVE-2007-3034 |
---|---|
Severity Metric: | 27.34 Date Public: |