SAINT CorporationSAINT:99279CB6CBB9D5B10436471AB0CBD676Kodak Image Viewer TIFF image handling vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.5%
Added: 10/15/2007
CVE: CVE-2007-2217
BID: 25909
OSVDB: 37627
Background
The Windows Kodak Image Viewer is a utility for rendering various image formats. It is included in Windows 2000, and may also be present on newer versions of Windows if a computer was upgraded from Windows 2000.
Problem
A memory corruption vulnerability in the Windows Kodak Image Viewer could allow command execution when a user opens a specially crafted TIFF file.
Resolution
Install the update referenced in Microsoft Security Bulletin 07-055.
References
<http://www.microsoft.com/technet/security/bulletin/MS07-055.mspx>
Limitations
Exploit requires a user to open the exploit file in Kodak Image Viewer.
Platforms
Windows 2000
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.5%