Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1215

6 documents4 sources
Severity
7.2HIGH
EPSS
2.4%
top 14.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows 2003 Server
Timeline
PublishedApr 4
Latest updateMay 1

Description

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/windows_2003_servergold, sp1, sp2+2

🔴Vulnerability Details

2
GHSA
GHSA-465v-343m-p6rx: Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local u2022-05-01
CVEList
CVE-2007-1215: Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local u2007-04-04

💥Exploits & PoCs

3
Exploit-DB
Microsoft Windows - '.ani' GDI Remote Privilege Escalation (MS07-017)2007-04-26
Exploit-DB
Microsoft Windows - GDI Privilege Escalation (MS07-017) (2)2007-04-17
Exploit-DB
Microsoft Windows - GDI Privilege Escalation (MS07-017) (1)2007-04-08
CVE-2007-1215 (HIGH CVSS 7.2) | Buffer overflow in the Graphics Dev | cvebase.io