CVE-2007-2217
published 2007-10-09

Priority P259 | critical | 9.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 41.41% (98.5th percentile)
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

Detection & IOCs (extracted from sources)

filename: ms07-055.tif
bytes: 49 49 2A 00 90 3E 00 00
  • Malicious TIFF files exploiting CVE-2007-2217 begin with the little-endian TIFF magic bytes 49 49 2A 00 followed by IFD offset 90 3E 00 00; detect files with this specific header pattern.
  • Crafted TIFF files triggering this vulnerability cause memory corruption; alert on .tif/.tiff files delivered via browser (Internet Explorer) that subsequently cause abnormal process execution or crashes in the Kodak Image Viewer component.
  • The exploit's EIP-control technique relies on Internet Explorer's fixed ImageBase at 0x00400000 and is therefore only reliable on Windows 2000 SP4 with IE 5.01, IE 5.5, or IE 6.0 SP1; the technique may not work on XP SP2 or Server 2003 where ASLR or differing memory layouts apply.
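
A header triage for the byte indicator listed above, as an added example (not code from this page or its sources). It parses the TIFF header instead of trusting the file extension, reports an exact match on the listed eight bytes, and also flags TIFFs whose first IFD offset falls outside the file; the function names and verdict strings are hypothetical, and treating a header match as a lead for review rather than proof is an assumption of this example.

```python
import struct
from pathlib import Path

# Header bytes listed on this page: "II", magic 42, first-IFD offset 0x3E90.
PAGE_HEADER = bytes.fromhex("49492A00903E0000")

def parse_tiff_header(head):
    """Return (byte_order, first_ifd_offset), or None if not a classic TIFF."""
    if len(head) < 8:
        return None
    order = {b"II": "<", b"MM": ">"}.get(head[:2])
    if order is None:
        return None
    magic, ifd_offset = struct.unpack(order + "HI", head[2:8])
    return (order, ifd_offset) if magic == 42 else None

def triage(head, size):
    """Classify a file from its first 8 bytes and its total size."""
    parsed = parse_tiff_header(head)
    if parsed is None:
        return "not-tiff"
    if head[:8] == PAGE_HEADER:
        return "header-match"      # same header as the page's indicator
    _, ifd_offset = parsed
    # The first IFD starts with a 2-byte entry count that must lie in the file.
    if ifd_offset < 8 or ifd_offset + 2 > size:
        return "tiff-bad-ifd"
    return "tiff"

def scan(root):
    """Map path -> verdict for TIFF content under root, whatever the extension."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                verdict = triage(fh.read(8), path.stat().st_size)
            if verdict != "not-tiff":
                hits[str(path)] = verdict
    return hits

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, verdict in sorted(scan(target).items()):
        print(verdict, name)
```
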