Vulnerability Name:
CVE-2007-1212 (CCN-33259)
Assigned:
2007-04-03
Published:
2007-04-03
Updated:
2018-10-16
Summary:
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
CVSS v3 Severity:
7.5 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
Required
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
6.6 Medium
(CVSS v2 Vector:
AV:L/AC:M/Au:S/C:C/I:C/A:C
)
4.9 Medium
(Temporal CVSS v2 Vector:
AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Medium
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
6.0 Medium
(CCN CVSS v2 Vector:
AV:L/AC:H/Au:S/C:C/I:C/A:C
)
4.5 Medium
(CCN Temporal CVSS v2 Vector:
AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
High
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2007-1212
Source: CCN
Type: SECTRACK ID: 1017844
Windows Kernel EMF Image Processing Bug Lets Local Users Gain System Privileges
Source: CCN
Type: ASA-2007-140
MS07-17 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Source: CCN
Type: Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Source: HP
Type: UNKNOWN
HPSBST02206
Source: BID
Type: UNKNOWN
23278
Source: CCN
Type: BID-23278
Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
Source: SECTRACK
Type: UNKNOWN
1017844
Source: VUPEN
Type: UNKNOWN
ADV-2007-1215
Source: MS
Type: UNKNOWN
MS07-017
Source: XF
Type: UNKNOWN
win-emf-image-bo(33259)
Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1923
Vulnerable Configuration:
Configuration 1
:
cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
OR
cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.mitre.oval:def:1923
V
EMF Elevation of Privilege Vulnerability
2011-05-09
BACK
microsoft
windows 2000 * sp4
microsoft
windows 2003 server gold
microsoft
windows 2003 server gold
microsoft
windows 2003 server gold
microsoft
windows 2003 server sp1
microsoft
windows 2003 server sp1
microsoft
windows 2003 server sp2
microsoft
windows 2003 server sp2
microsoft
windows 2003 server sp2
microsoft
windows vista * gold
microsoft
windows vista * gold
microsoft
windows xp * gold
microsoft
windows xp * sp2
microsoft
windows xp * sp2
microsoft
windows 2000 - sp4
microsoft
windows 2003_server
microsoft
windows xp sp2
microsoft
windows 2003 server -
microsoft
windows 2003_server sp1
microsoft
windows 2003_server sp1_itanium
microsoft
windows vista *
microsoft
windows server_2003 sp2
microsoft
windows server_2003 sp2
microsoft
windows server_2003 sp2
microsoft
windows vista -
microsoft
windows xp sp2
microsoft
windows 2003 *
Denotes that component is vulnerable