SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#180345

Microsoft Kodak Image Viewer code execution vulnerability

Overview

The Kodak Image Viewer which is included in Windows 2000 contains a code execution vulnerability.

I. Description

The Kodak Image Viewer is included in Windows 2000. It may also be present on other versions of Windows that were upgraded from Windows 2000.

Per Microsoft Security Bulletin MS07-055:

    A remote code execution vulnerability exists in the way that the Kodak Image Viewer in Windows handles specially crafted image files. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user visited a Web site, viewed a specially crafted e-mail message, or opened an e-mail attachment. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Note that there is publicly available proof of concept code that targets this vulnerability.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Update

Microsoft has released an update to address this vulnerability.

Run applications as with limited user accounts

When possible, running applications with a user account that has limited privileges may reduce the impact of this vulnerability.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationVulnerable30-Oct-2007

References


http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
http://milw0rm.com/exploits/4584
http://www.milw0rm.com/exploits/4616

Credit

Microsoft credits Cu Fang for reporting and Rita Schappler for providing information about this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public:2007-10-09
Date First Published:2007-10-30
Date Last Updated:2007-11-12
CERT Advisory: 
CVE-ID(s):CVE-2007-2217
NVD-ID(s):CVE-2007-2217
US-CERT Technical Alerts: 
Metric:20.66
Document Revision:8

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader