Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
References
Link | Resource |
---|---|
http://osvdb.org/38494 | Broken Link |
http://www.csis.dk/dk/forside/GdiPlus.pdf | Broken Link |
http://www.kb.cert.org/vuls/id/290961 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/archive/1/470746/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/24346 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1018202 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2007/2083 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34743 | VDB Entry Vendor Advisory |
https://www.exploit-db.com/exploits/4044 | Third Party Advisory VDB Entry |
Configurations
History
02 Feb 2024, 02:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:* |
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* |
CWE | CWE-369 | |
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : 5.5 |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/290961 - Third Party Advisory, US Government Resource | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/34743 - VDB Entry, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/2083 - Broken Link | |
References | (OSVDB) http://osvdb.org/38494 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/470746/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/4044 - Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/24346 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1018202 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.csis.dk/dk/forside/GdiPlus.pdf - Broken Link |
Information
Published : 2007-06-06 20:30
Updated : 2024-02-28 11:01
NVD link : CVE-2007-2237
Mitre link : CVE-2007-2237
CVE.ORG link : CVE-2007-2237
JSON object : View
Products Affected
microsoft
- windows_xp
CWE
CWE-369
Divide By Zero