CVE-2007-2217

Kodak Image Viewer - Remote Code Execution via Crafted TIFF File

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2217. PoCs published by grabarz, Gil-Dong / Woo-Chi.

AI-analyzed exploit summary: This exploit targets a vulnerability in Microsoft Internet Explorer (MS07-055) by crafting a malicious TIFF file to achieve remote code execution. It leverages predictable memory addresses in IE's ImageBase to control EIP and execute shellcode that launches calc.exe.

Description

Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by grabarz · perl · remote · windows
https://www.exploit-db.com/exploits/4616

This exploit targets a vulnerability in Microsoft Internet Explorer (MS07-055) by crafting a malicious TIFF file to achieve remote code execution. It leverages predictable memory addresses in IE's ImageBase to control EIP and execute shellcode that launches calc.exe.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer (versions 5.01, 5.5, 6.0 SP1 on Windows 2000 SP4)
No auth needed
Prerequisites: Victim must open the malicious TIFF file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Gil-Dong / Woo-Chi · c · local · windows
https://www.exploit-db.com/exploits/4584

This is a functional proof-of-concept exploit for CVE-2007-2217, targeting a buffer overflow vulnerability in the Kodak Image Viewer's TIFF file parsing. The code generates a malicious TIFF file that triggers arbitrary code execution when opened.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Kodak Image Viewer (versions affected by MS07-055)
No auth needed
Prerequisites: Victim must open the malicious TIFF file in Kodak Image Viewer
devstral-2 · analyzed Feb 18, 2026

References (11)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25909
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4584
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/482366/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1481
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27092
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36799
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018784
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/180345
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-282A.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3435

Scores

EPSS: 0.4142
EPSS Percentile: 98.5%

Details

CWE: CWE-94
Status: published
Products (1): kodak/image_viewer
Published: Oct 09, 2007
Tracked Since: Feb 18, 2026