CVE-2007-2237
published 2007-06-06
Priority P419 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 15.42% (96.4th percentile)
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gimp | < gimp 2.8.22-1 (bookworm) | gimp 2.8.22-1 (bookworm) |
| gimp | gimp | < 2.8.22 | 2.8.22 |
| gimp | gimp | >= 0 < 2.8.22-1 | 2.8.22-1 |
| gimp | gimp | >= 0 < 2.8.22-1 | 2.8.22-1 |
| gimp | gimp | >= 0 < 2.8.22-1 | 2.8.22-1 |
| gimp | gimp | >= 0 < 2.8.22-1 | 2.8.22-1 |
Detection & IOCs
- Detect ICO files where the InfoHeader Height field is set to zero; this triggers a divide-by-zero in GdiPlus.dll and is the core exploit condition for CVE-2007-2237.
- Monitor Windows Explorer and Picture and Fax Viewer processes for crashes or unexpected termination when processing ICO files, as these applications were specifically identified as vulnerable.
- Inspect ICO files delivered via web or email for a zero-value Height field in the BITMAPINFOHEADER (InfoHeader) structure; such files should be treated as malicious.
- The vulnerable component is GdiPlus.dll (GDI+); any application on Windows that uses this library to render ICO files is potentially affected, not just the explicitly named applications.
- A closely related issue (CVE-2007-3126) affects GIMP before 2.8.22 with the same ICO/InfoHeader Height=0 trigger; detection logic for malformed ICO files should cover both CVEs.
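One way to implement the zero-Height inspection described in the list above, as an added example (not code from any of the sources indexed on this page). The names `scan_ico` and `build_sample` are hypothetical, and the sample input is a constructed header-only fragment with no pixel data.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def scan_ico(data: bytes) -> list[str]:
    """Return findings for a buffer claimed to be an ICO/CUR file."""
    if len(data) < 6:
        return ["truncated ICONDIR"]
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind not in (1, 2):   # 1 = icon, 2 = cursor
        return ["not an ICO/CUR file"]
    findings = []
    for i in range(count):
        entry_off = 6 + 16 * i                # ICONDIRENTRY is 16 bytes
        if entry_off + 16 > len(data):
            findings.append(f"entry {i}: directory entry past end of file")
            break
        # Last two fields of the entry: dwBytesInRes, dwImageOffset
        _size, offset = struct.unpack_from("<II", data, entry_off + 8)
        if data[offset:offset + 8] == PNG_MAGIC:
            continue                          # PNG-encoded image, no InfoHeader
        if offset + 40 > len(data):
            findings.append(f"entry {i}: InfoHeader past end of file")
            continue
        # BITMAPINFOHEADER starts with biSize, biWidth, biHeight
        _hdr_size, _width, height = struct.unpack_from("<Iii", data, offset)
        if height == 0:
            findings.append(f"entry {i}: InfoHeader Height is zero")
    return findings

def build_sample(height: int) -> bytes:
    """Constructed input: one directory entry plus a 40-byte InfoHeader."""
    icondir = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, 40, 22)
    info = struct.pack("<IiiHHIIiiII", 40, 16, height, 1, 32, 0, 0, 0, 0, 0, 0)
    return icondir + entry + info

if __name__ == "__main__":
    # In a well-formed ICO, biHeight is twice the icon height (XOR + AND mask).
    for label, height in (("well-formed", 32), ("zero height", 0)):
        print(label, scan_ico(build_sample(height)))
```

Because the check reads only the directory and the first 12 bytes of each InfoHeader, it can run at a mail or web gateway before any image decoder touches the file.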
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd · v2.0 · 7.1 HIGH · AV:N/AC:M/Au:N/C:N/I:N/A:C
osv · 5.5 MEDIUM
vendor_debian · 5.5 LOW
vendor_redhat · 5.5 MEDIUM
GHSA
GHSA-2433-jm2h-c4v9: gdiplus
ghsa_unreviewed·2022-05-02·CVSS 5.5
CVE-2008-4327 [MEDIUM] GHSA-2433-jm2h-c4v9: gdiplus
gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.
GHSA
GHSA-42cx-qwh9-c3xj: Microsoft Windows Graphics Device Interface (GDI+, GdiPlus
ghsa_unreviewed·2022-05-01
CVE-2007-2237 [HIGH] CWE-369 GHSA-42cx-qwh9-c3xj: Microsoft Windows Graphics Device Interface (GDI+, GdiPlus
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
GHSA
GHSA-4vhr-6jhx-vf2q: Gimp before 2
ghsa_unreviewed·2022-05-01·CVSS 5.5
CVE-2007-3126 [MEDIUM] GHSA-4vhr-6jhx-vf2q: Gimp before 2
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
OSV
CVE-2007-3126: Gimp before 2
osv·2007-06-08·CVSS 5.5
CVE-2007-3126 [MEDIUM] CVE-2007-3126: Gimp before 2
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
Red Hat
Gimp: context-dependent attackers to cause a denial of service
vendor_redhat·2022-02-07·CVSS 5.5
CVE-2007-3126 [MEDIUM] CWE-400 Gimp: context-dependent attackers to cause a denial of service
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
Statement: Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue.
Package: gimp (Red Hat Enterprise Linux 6) - Out of support scope
Package: gimp (Red Hat Enterprise Linux 7) - Not affected
Package: gimp:2.8/gimp (Red Hat Enterprise Linux 8) - Not affected
Package: gimp:flatpak/gimp (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2007-3126: gimp - Gimp before 2.8.22 allows context-dependent attackers to cause a denial of servi...
vendor_debian·2007·CVSS 5.5
CVE-2007-3126 [MEDIUM] CVE-2007-3126: gimp - Gimp before 2.8.22 allows context-dependent attackers to cause a denial of servi...
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
Scope: local
bookworm: resolved (fixed in 2.8.22-1)
bullseye: resolved (fixed in 2.8.22-1)
forky: resolved (fixed in 2.8.22-1)
sid: resolved (fixed in 2.8.22-1)
trixie: resolved (fixed in 2.8.22-1)
No detection rules found.
Exploit-DB
Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service
exploitdb·2007-06-07·CVSS 5.5
CVE-2007-2237 [MEDIUM] Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service
---
####################################
# Author : kad #
# Mail : kad[at]highsecu[dot]com #
# Site : http://www.highsecu.com #
####################################
highsecu.ico - Microsoft GDI+ Integer division by zero flaw handling .ICO files
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4044.zip (06072007-CVE-2007-2237.zip)
# milw0rm.com [2007-06-07]
Exploit-DB
Microsoft Windows XP - GDI+ '.ICO' File Remote Denial of Service
exploitdb·2007-06-06
CVE-2007-2237 Microsoft Windows XP - GDI+ '.ICO' File Remote Denial of Service
---
source: https://www.securityfocus.com/bid/24346/info
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files.
An attacker may exploit this issue by enticing victims into opening a malicious file.
Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30160.ico.zip
Exploit-DB
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
exploitdb·2007-04-07·CVSS 7.6
CVE-2006-3747 [HIGH] Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
---
#!/bin/sh
# Exploit for Apache mod_rewrite off-by-one(Win32).
#
# by axis
# http://www.ph4nt0m.org
# 2007-04-06
#
# Tested on Apache 2.0.58 (Win32)
# Windows2003 CN SP1
#
# Vulnerable Apache Versions:
# * 1.3 branch: >1.3.28 and 2.0.46 and 2.2.0 and
# 2006-08-20
# http://www.milw0rm.com/exploits/2237
#
#
#
# to successfully exploit the vuln,there are some conditions
# http://www.vuxml.org/freebsd/dc8c08c7-1e7c-11db-88cf-000c6ec775d9.html
#
#
# some compilers added padding to the stack, so they could not be exploited,like gcc under redhat
#
# for more details about the vuln please see:
# http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded
#
#
# no opcodes needed under windows!
# it will directly run our s
No writeups or analysis indexed.
- http://osvdb.org/38494
- http://www.csis.dk/dk/forside/GdiPlus.pdf
- http://www.kb.cert.org/vuls/id/290961
- http://www.securityfocus.com/archive/1/470746/100/0/threaded
- http://www.securityfocus.com/bid/24346
- http://www.securitytracker.com/id?1018202
- http://www.vupen.com/english/advisories/2007/2083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34743
- https://www.exploit-db.com/exploits/4044
Published: 2007-06-06