Detections
Analytics

MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

high Nessus Plugin ID 24911

Language:

Synopsis

Arbitrary code can be executed on the remote host through the email client or the web browser.

Description

The remote host is running a version of Windows with a bug in the Animated Cursor (ANI) handling routine that could allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting a rogue web site.

Additionally, the system is vulnerable to :

 - Local Privilege Elevation (GDI, EMF, Font Rasterizer)

 - Denial of Service (WMF)

Solution

Microsoft has released a set of patches for Windows 2000, XP, 2003 and Vista.

See Also

https://www.nessus.org/u?844ca267

Plugin Details

Severity: High

ID: 24911

File Name: smb_nt_ms07-017.nasl

Version: 1.38

Type: local

Agent: windows

Published: 4/3/2007

Updated: 8/5/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/3/2007

Vulnerability Publication Date: 11/6/2006

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP))

Reference Information

CVE: CVE-2006-5586, CVE-2006-5758, CVE-2007-0038, CVE-2007-1211, CVE-2007-1212, CVE-2007-1213, CVE-2007-1215, CVE-2007-1765

BID: 23194, 23273, 23275, 23276, 23277, 23278

CERT: 191609

IAVA: 2007-A-0020-S

MSFT: MS07-017

MSKB: 925902