Patch Repository

MS07-017 Bulletin Details
Bulletin ID MS07-017
Title Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Summary GDI Local Elevation of Privilege Vulnerability - CVE-2006-5758 :
A privilege elevation vulnerability exists in the Graphics Rendering Engine in the way that it starts applications. This vulnerability could allow a logged on user to take complete control of the system.

WMF Denial of Service Vulnerability - CVE-2007-1211:
A denial of service vulnerability exists in Windows when rendering Windows Metafile (WMF) image format files. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and possibly restart.

EMF Elevation of Privilege Vulnerability CVE-2007-1212:
An elevation of privilege vulnerability exists in the rendering of Enhanced Metafile (EMF) image format files. Any program that renders EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

GDI Invalid Window Size Elevation of Privilege Vulnerability - CVE-2006-5586:
A privilege elevation vulnerability exists in the Graphics Rendering Engine in the way that it renders layered application windows. This vulnerability could allow a logged on user to take complete control of the system.

Windows Animated Cursor Remote Code Execution Vulnerability - CVE-2007-0038:
A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

GDI Incorrect Parameter Local Elevation of Privilege Vulnerability - CVE-2007-1215:
A local elevation of privilege vulnerability exists in the Graphics Device Interface due to the way it processes color-related parameters. This vulnerability could allow an attacker to take complete control of the system.

Font Rasterizer Local Elevation of Privilege Vulnerability - CVE-2007-1213:
A local elevation of privilege vulnerability exists in the TrueType Fonts rasterizer in the way that it handles defective or modified font types. This vulnerability could allow a logged-on user to take complete control of the system.

Knowledgebase 925902

List of Patches

S.No Patch Name Severity
1WindowsServer2003-SP2-KB925902-x86-ENU.exeCritical
2WindowsXP-KB925902-x64-ENU.exeCritical
3Windows6.0-KB925902-x86.msuCritical
4WindowsServer2003-KB925902-x64-ENU.exeCritical
5Windows6.0-KB925902-x64.msuCritical

Disclaimer: This webpage is intended to provide you information about patch announcement for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors websites. You can get more information by clicking the links to visit the relevant pages on the vendors website.