9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.5%
The remote host is running a version of the Kodak Image Viewer that may allow arbitrary code to be run.
An attacker may use this to execute arbitrary code on this host.
To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with this application.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(26961);
script_version("1.32");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/05");
script_cve_id("CVE-2007-2217");
script_bugtraq_id(25909);
script_xref(name:"MSFT", value:"MS07-055");
script_xref(name:"MSKB", value:"923810");
script_xref(name:"IAVB", value:"2007-B-0029-S");
script_xref(name:"CERT", value:"180345");
script_xref(name:"EDB-ID", value:"4584");
script_name(english:"MS07-055: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)");
script_summary(english:"Determines the version of Kodak Image Viewer");
script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through Kodak Image
Viewer.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of the Kodak Image Viewer that may
allow arbitrary code to be run.
An attacker may use this to execute arbitrary code on this host.
To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have it open it with this application.");
# https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-055
script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?399000fe");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-2217");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_cwe_id(94);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/09");
script_set_attribute(attribute:"patch_publication_date", value:"2008/10/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Windows : Microsoft Bulletins");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS07-055';
kb = '923810';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(win2k:'4,5', xp:'2', win2003:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
hotfix_is_vulnerable(os:"5.2", sp:1, file:"tifflt.dll", version:"5.0.3900.7138", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.2", sp:2, file:"tifflt.dll", version:"5.0.3900.7139", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:2, file:"tifflt.dll", version:"5.0.3900.7136", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.0", file:"tifflt.dll", version:"5.0.3900.7134", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}