CVE-2007-2237

Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
References
Link Resource
http://osvdb.org/38494 Broken Link
http://www.csis.dk/dk/forside/GdiPlus.pdf Broken Link
http://www.kb.cert.org/vuls/id/290961 Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/470746/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/24346 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018202 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/2083 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/34743 VDB Entry Vendor Advisory
https://www.exploit-db.com/exploits/4044 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

History

02 Feb 2024, 02:57

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-369
CVSS v2 : 7.1
v3 : unknown
v2 : 7.1
v3 : 5.5
References (CERT-VN) http://www.kb.cert.org/vuls/id/290961 - US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/290961 - Third Party Advisory, US Government Resource
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/34743 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/34743 - VDB Entry, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2007/2083 - (VUPEN) http://www.vupen.com/english/advisories/2007/2083 - Broken Link
References (OSVDB) http://osvdb.org/38494 - (OSVDB) http://osvdb.org/38494 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/archive/1/470746/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/470746/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/4044 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/4044 - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/24346 - (BID) http://www.securityfocus.com/bid/24346 - Broken Link, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1018202 - (SECTRACK) http://www.securitytracker.com/id?1018202 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://www.csis.dk/dk/forside/GdiPlus.pdf - (MISC) http://www.csis.dk/dk/forside/GdiPlus.pdf - Broken Link

Information

Published : 2007-06-06 20:30

Updated : 2024-02-28 11:01


NVD link : CVE-2007-2237

Mitre link : CVE-2007-2237

CVE.ORG link : CVE-2007-2237


JSON object : View

Products Affected

microsoft

  • windows_xp
CWE
CWE-369

Divide By Zero