Lucene search

K
saintSAINT CorporationSAINT:99279CB6CBB9D5B10436471AB0CBD676
HistoryOct 15, 2007 - 12:00 a.m.

Kodak Image Viewer TIFF image handling vulnerability

2007-10-1500:00:00
SAINT Corporation
my.saintcorporation.com
15

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

Added: 10/15/2007
CVE: CVE-2007-2217
BID: 25909
OSVDB: 37627

Background

The Windows Kodak Image Viewer is a utility for rendering various image formats. It is included in Windows 2000, and may also be present on newer versions of Windows if a computer was upgraded from Windows 2000.

Problem

A memory corruption vulnerability in the Windows Kodak Image Viewer could allow command execution when a user opens a specially crafted TIFF file.

Resolution

Install the update referenced in Microsoft Security Bulletin 07-055.

References

<http://www.microsoft.com/technet/security/bulletin/MS07-055.mspx&gt;

Limitations

Exploit requires a user to open the exploit file in Kodak Image Viewer.

Platforms

Windows 2000

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%