CVE-2007-3034
Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 - Remote Code Execution via Crafted Metafile
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-3034. PoCs published by Gil-Dong / Woo-Chi.
AI-analyzed exploit summary: This PoC exploits an integer overflow in GDI32.dll via a malformed WMF file, causing a DoS. The code generates a malicious WMF file and triggers the vulnerability using Windows API calls.
Description
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.