Kodak Image Viewer TIFF image handling vulnerability

2007-10-15T00:00:00
ID SAINT:99279CB6CBB9D5B10436471AB0CBD676
Type saint
Reporter SAINT Corporation
Modified 2007-10-15T00:00:00

Description

Added: 10/15/2007
CVE: CVE-2007-2217
BID: 25909
OSVDB: 37627

Background

The Windows Kodak Image Viewer is a utility for rendering various image formats. It is included in Windows 2000, and may also be present on newer versions of Windows if a computer was upgraded from Windows 2000.

Problem

A memory corruption vulnerability in the Windows Kodak Image Viewer could allow command execution when a user opens a specially crafted TIFF file.

Resolution

Install the update referenced in Microsoft Security Bulletin 07-055.

References

<http://www.microsoft.com/technet/security/bulletin/MS07-055.mspx>

Limitations

Exploit requires a user to open the exploit file in Kodak Image Viewer.

Platforms

Windows 2000