CVE-2007-3034

Microsoft Windows 2000 - Numeric Error

Title source: rule

Description

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gil-Dong / Woo-Chi · cdoswindows

https://www.exploit-db.com/exploits/4337

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://secunia.com/advisories/26423

[US Government Resource] http://www.kb.cert.org/vuls/id/640136

[Patch] http://www.securityfocus.com/bid/25302

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-226A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/2870

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-046

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/476505/100/0/threaded

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2088

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018563

Scores

EPSS 0.7805

EPSS Percentile 99.0%

Details

CWE

CWE-189

Status published

Products (4)

microsoft/windows_2000

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_server_2003

microsoft/windows_xp (2 CPE variants)

Published Aug 14, 2007

Tracked Since Feb 18, 2026