Vulnerability Name:

CVE-2007-2217 (CCN-36799)

Assigned:2007-10-09
Published:2007-10-09
Updated:2018-10-16
Summary:Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2217

Source: CCN
Type: SA27092
Microsoft Windows Kodak Image Viewer Code Execution

Source: SECUNIA
Type: Vendor Advisory
27092

Source: CCN
Type: SECTRACK ID: 1018784
Kodak Image Viewer Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018784

Source: CCN
Type: ASA-2007-419
MS07-055 Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Source: CCN
Type: US-CERT VU#180345
Microsoft Kodak Image Viewer code execution vulnerability

Source: CERT-VN
Type: US Government Resource
VU#180345

Source: CCN
Type: Microsoft Security Bulletin MS07-055
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Source: HP
Type: UNKNOWN
HPSBST02280

Source: BID
Type: Exploit, Patch
25909

Source: CCN
Type: BID-25909
Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA07-282A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3435

Source: MS
Type: UNKNOWN
MS07-055

Source: XF
Type: UNKNOWN
win-kodak-image-code-execution(36799)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1481

Source: EXPLOIT-DB
Type: UNKNOWN
4584

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • AND
  • cpe:/a:kodak:image_viewer:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

  * Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:1481 | V | Kodak Image Viewer Remote Code Execution Vulnerability | 2014-06-30
    microsoft windows 2000 * sp4
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp2
    microsoft windows xp * sp2
    kodak image viewer *
    microsoft windows 2000 - sp4
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows server_2003 sp2