CVE-2007-1215 : Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

Published 2007-04-04 16:19:00

Updated 2018-10-16 16:37:11

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2007-1215

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-1215

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-1215

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927
http://www.vupen.com/english/advisories/2007/1215

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017

Microsoft Security Bulletin MS07-017 - Critical | Microsoft Learn

CVEs referencing this url
http://www.securitytracker.com/id?1017847
http://www.securityfocus.com/archive/1/466186/100/200/threaded

CVEs referencing this url
http://www.securityfocus.com/bid/23273

Products affected by CVE-2007-1215

Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Professional X64 Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update Gold Professional X64 Edition
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP1
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP1 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Gold
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Gold Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Gold X64 Edition
cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP2
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP2 X64 Edition
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update Gold
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update Gold X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-1215

Exploit prediction scoring system (EPSS) score for CVE-2007-1215

CVSS scores for CVE-2007-1215

References for CVE-2007-1215

Products affected by CVE-2007-1215