Patch Management Software
Live Demo Free Edition Download Now
 
MS07-017 Bulletin Details Microsoft Security Bulletins

Bulletin ID:MS07-017
TitleVulnerabilities in GDI Could Allow Remote Code Execution (925902)
Summary: GDI Local Elevation of Privilege Vulnerability - CVE-2006-5758 :
A privilege elevation vulnerability exists in the Graphics Rendering Engine in the way that it starts applications. This vulnerability could allow a logged on user to take complete control of the system.

WMF Denial of Service Vulnerability - CVE-2007-1211:
A denial of service vulnerability exists in Windows when rendering Windows Metafile (WMF) image format files. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and possibly restart.

EMF Elevation of Privilege Vulnerability CVE-2007-1212:
An elevation of privilege vulnerability exists in the rendering of Enhanced Metafile (EMF) image format files. Any program that renders EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

GDI Invalid Window Size Elevation of Privilege Vulnerability - CVE-2006-5586:
A privilege elevation vulnerability exists in the Graphics Rendering Engine in the way that it renders layered application windows. This vulnerability could allow a logged on user to take complete control of the system.

Windows Animated Cursor Remote Code Execution Vulnerability - CVE-2007-0038:
A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

GDI Incorrect Parameter Local Elevation of Privilege Vulnerability - CVE-2007-1215:
A local elevation of privilege vulnerability exists in the Graphics Device Interface due to the way it processes color-related parameters. This vulnerability could allow an attacker to take complete control of the system.

Font Rasterizer Local Elevation of Privilege Vulnerability - CVE-2007-1213:
A local elevation of privilege vulnerability exists in the TrueType Fonts rasterizer in the way that it handles defective or modified font types. This vulnerability could allow a logged-on user to take complete control of the system.

Knowledgebase: 925902


List of Patches

S.No Patch Name Severity
1.Windows2000-KB925902-x86-ENU.EXECritical
2.WindowsServer2003-SP2-KB925902-x86-ENU.exeCritical
3.WindowsXP-KB925902-x86-ENU.exeCritical
4.WindowsXP-KB925902-x64-ENU.exeCritical
5.Windows6.0-KB925902-x86.msuCritical
6.WindowsServer2003-KB925902-x64-ENU.exeCritical
7.Windows6.0-KB925902-x64.msuCritical

 
Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.