9.3

CVE-2007-3034

EPSS 81.88%
Veröffentlicht 14.08.2007 21:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Updatesp1

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Xp Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.88%	0.992

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA07-226A.html

US Government Resource

http://secunia.com/advisories/26423

Vendor Advisory

http://www.kb.cert.org/vuls/id/640136

US Government Resource

http://www.securityfocus.com/archive/1/476505/100/0/threaded

http://www.securityfocus.com/bid/25302

Patch

http://www.securitytracker.com/id?1018563

http://www.vupen.com/english/advisories/2007/2870

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-046

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2088

https://nvd.nist.gov/vuln/detail/CVE-2007-3034

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3034

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3034

EUVD