9.3
CVE-2007-3034
- EPSS 54.75%
- Veröffentlicht 14.08.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:40:55
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows 2003 Server Updatesp2
Microsoft ≫ Windows Xp Editionprofessional_x64
Microsoft ≫ Windows Xp Updatesp2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 54.75% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://www.us-cert.gov/cas/techalerts/TA07-226A.html
http://secunia.com/advisories/26423
http://www.kb.cert.org/vuls/id/640136
http://www.securityfocus.com/archive/1/476505/100/0/threaded
http://www.securityfocus.com/bid/25302
http://www.securitytracker.com/id?1018563
http://www.vupen.com/english/advisories/2007/2870
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2088