CVE-2007-1215

Microsoft Windows - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1215. PoCs published by Lionel d'Hauenens, Ivanlef0u.

AI-analyzed exploit summary This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2007-0038) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a heap overflow in the handling of animated cursor files to execute arbitrary code.

Description

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Lionel d'Hauenens · textremotewindows
https://www.exploit-db.com/exploits/3804

This exploit targets a vulnerability in Microsoft Windows GDI (CVE-2007-0038) via a maliciously crafted .ANI file, leading to remote elevation of privilege. The exploit leverages a heap overflow in the handling of animated cursor files to execute arbitrary code.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows (pre-MS07-017 patch)
No auth needed
Prerequisites: Target system must be running an unpatched version of Windows affected by MS07-017 · Ability to deliver a malicious .ANI file to the target (e.g., via web, email, or shared drive)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Lionel d'Hauenens · clocalwindows
https://www.exploit-db.com/exploits/3755

This exploit leverages a GDI table manipulation vulnerability (CVE-2006-5586) to achieve local privilege escalation by replacing a legitimate palette object with a malicious one, triggering kernel-mode execution of arbitrary code via a hook function.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Windows 2000/XP (pre-MS07-017 patch)
No auth needed
Prerequisites: Local access to the target system · Unpatched Windows 2000/XP system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Ivanlef0u · clocalwindows
https://www.exploit-db.com/exploits/3688

This is a functional local privilege escalation exploit for CVE-2007-1215, targeting a vulnerability in the Windows GDI component. It manipulates the GDI table to overwrite a win32k.sys SSDT entry, allowing arbitrary code execution in kernel mode.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows XP SP2 (GDI component)
No auth needed
Prerequisites: Local access to a vulnerable Windows XP SP2 system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1215
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017847
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/466186/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23273

Scores

EPSS 0.0272
EPSS Percentile 84.1%

Details

Status published
Products (6)
microsoft/windows_2000
microsoft/windows_2003_server gold (3 CPE variants)
microsoft/windows_2003_server sp1 (2 CPE variants)
microsoft/windows_2003_server sp2 (3 CPE variants)
microsoft/windows_vista (2 CPE variants)
microsoft/windows_xp (3 CPE variants)
Published Apr 04, 2007
Tracked Since Feb 18, 2026