7.1
CVE-2007-2237
- EPSS 15.42%
- Veröffentlicht 06.06.2007 20:30:00
- Zuletzt bearbeitet 16.06.2026 22:39:11
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows Xp Version- Updatesp2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.42% | 0.964 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-369 Divide By Zero
The product divides a value by zero.
http://osvdb.org/38494
http://www.csis.dk/dk/forside/GdiPlus.pdf
http://www.kb.cert.org/vuls/id/290961
http://www.securityfocus.com/archive/1/470746/100/0/threaded
http://www.securityfocus.com/bid/24346
http://www.securitytracker.com/id?1018202
http://www.vupen.com/english/advisories/2007/2083
https://exchange.xforce.ibmcloud.com/vulnerabilities/34743
https://www.exploit-db.com/exploits/4044