CVE-2007-1213

Microsoft Windows 2000 SP4 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1213.

AI-analyzed exploit summary This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2007-1213) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a buffer overflow in the handling of animated cursor files to execute arbitrary code.

Description

The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.

Exploits (3)

exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/3804

This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2007-1213) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a buffer overflow in the handling of animated cursor files to execute arbitrary code.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows (multiple versions)
No auth needed
Prerequisites: Victim must open or preview a malicious .ANI file
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
clocalwindows
https://www.exploit-db.com/exploits/3755

This exploit leverages a GDI local privilege escalation vulnerability (CVE-2007-1213) by manipulating a palette object's kernel pointer to execute arbitrary code in kernel mode. It targets unpatched Windows 2000/XP systems by replacing a legitimate GDI object with a malicious one, triggering execution via GetNearestPaletteIndex.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows 2000/XP (pre-MS07-017)
No auth needed
Prerequisites: Unpatched Windows 2000/XP system · Local access to the target
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
clocalwindows
https://www.exploit-db.com/exploits/3688

This is a functional local privilege escalation exploit for CVE-2007-1213, targeting a vulnerability in the Windows GDI component (MS07-017). It manipulates the GDI table to overwrite a win32k.sys SSDT entry, allowing arbitrary kernel code execution via a crafted payload.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows XP SP2 (GDI component)
No auth needed
Prerequisites: Local access to a vulnerable Windows XP SP2 system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1215
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23276
Broken Link, Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/466186/100/200/threaded
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017845

Scores

EPSS 0.0174
EPSS Percentile 83.0%

Details

CWE
CWE-824
Status published
Products (1)
microsoft/windows_2000
Published Apr 04, 2007
Tracked Since Feb 18, 2026