Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1212Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

6 documents4 sources
Severity
6.6MEDIUMNVD
EPSS
1.8%
top 17.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedApr 4
Latest updateMay 1

Description

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 2.7 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/windows_2003_servergold, sp1, sp2+2

🔴Vulnerability Details

2
GHSA
GHSA-fw6h-3p4w-w48m: Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local u2022-05-01
CVEList
CVE-2007-1212: Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local u2007-04-04

💥Exploits & PoCs

3
Exploit-DB
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)2007-04-26
Exploit-DB
Microsoft Windows - GDI Privilege Escalation (MS07-017) (2)2007-04-17
Exploit-DB
Microsoft Windows - GDI Privilege Escalation (MS07-017) (1)2007-04-08
CVE-2007-1212 — Microsoft vulnerability | cvebase