CVE-2007-1212

Microsoft Windows < Vista - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1212.

AI-analyzed exploit summary This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2007-1212) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a buffer overflow in the handling of animated cursor files to execute arbitrary code.

Description

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.

Exploits (3)

exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/3804

This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2007-1212) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a buffer overflow in the handling of animated cursor files to execute arbitrary code.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows (multiple versions)
No auth needed
Prerequisites: Target system must process the malicious .ANI file
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
clocalwindows
https://www.exploit-db.com/exploits/3755

This exploit leverages a GDI local privilege escalation vulnerability (CVE-2007-1212) by manipulating a palette object's kernel pointer in shared memory to execute arbitrary code in kernel mode. It demonstrates the vulnerability by hooking the GetNearestPaletteIndex function to gain elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Windows 2000/XP before MS07-017 patch
No auth needed
Prerequisites: Access to a vulnerable Windows system · Ability to execute arbitrary code in user mode
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
clocalwindows
https://www.exploit-db.com/exploits/3688

This is a functional local privilege escalation exploit for CVE-2007-1212, targeting a vulnerability in the Windows GDI subsystem (MS07-017). It manipulates the GDI table to overwrite a win32k.sys SSDT entry, allowing arbitrary kernel code execution via a crafted payload.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows XP SP2 (GDI subsystem)
No auth needed
Prerequisites: Local access to a vulnerable Windows XP SP2 system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1215
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017844
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/466186/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1923
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23278

Scores

EPSS 0.0181
EPSS Percentile 83.3%

Details

Status published
Products (6)
microsoft/windows_2000
microsoft/windows_2003_server gold (3 CPE variants)
microsoft/windows_2003_server sp1 (2 CPE variants)
microsoft/windows_2003_server sp2 (3 CPE variants)
microsoft/windows_vista (2 CPE variants)
microsoft/windows_xp (3 CPE variants)
Published Apr 04, 2007
Tracked Since Feb 18, 2026