9.3

CVE-2007-3034

EPSS 81.88%
Published 14.08.2007 21:17:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Updatesp1

Microsoft ≫ Windows 2003 Server Updatesp2

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Xp Editionprofessional_x64

Microsoft ≫ Windows Xp Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	81.88%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA07-226A.html

US Government Resource

http://secunia.com/advisories/26423

Vendor Advisory

http://www.kb.cert.org/vuls/id/640136

US Government Resource

http://www.securityfocus.com/archive/1/476505/100/0/threaded

http://www.securityfocus.com/bid/25302

Patch

http://www.securitytracker.com/id?1018563

http://www.vupen.com/english/advisories/2007/2870

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-046

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2088

https://nvd.nist.gov/vuln/detail/CVE-2007-3034

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3034

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3034

EUVD