CVE-2007-2217

Kodak Image Viewer - Code Injection

Title source: rule

Description

Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by grabarz · perlremotewindows

https://www.exploit-db.com/exploits/4616

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Gil-Dong / Woo-Chi · clocalwindows

https://www.exploit-db.com/exploits/4584

View Code ZIP pw:eip

References (11)

[Vendor Advisory] http://secunia.com/advisories/27092

[US Government Resource] http://www.kb.cert.org/vuls/id/180345

[Exploit, Patch] http://www.securityfocus.com/bid/25909

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-282A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/3435

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-055

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36799

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/482366/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4584

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018784

Scores

EPSS 0.8526

EPSS Percentile 99.4%

Details

CWE

CWE-94

Status published

Products (1)

kodak/image_viewer

Published Oct 09, 2007

Tracked Since Feb 18, 2026