Patch Management Software
Live Demo Free Edition Download Now
 
Windows 2000 Server Patch Details Windows 2000 Server Patches

Patch Name : Windows2000-KB925902-x86-ENU.EXE
Patch Description : Security Update for Windows 2000 (KB925902)
Bulletin Id : MS07-017
Bulletin Title : Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
KnowledgeBase : 925902
Severity : Critical
Location Path : Windows2000-KB925902-x86-ENU.EXE
Bulletin Summary: GDI Local Elevation of Privilege Vulnerability - CVE-2006-5758 :
A privilege elevation vulnerability exists in the Graphics Rendering Engine in the way that it starts applications. This vulnerability could allow a logged on user to take complete control of the system.

WMF Denial of Service Vulnerability - CVE-2007-1211:
A denial of service vulnerability exists in Windows when rendering Windows Metafile (WMF) image format files. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and possibly restart.

EMF Elevation of Privilege Vulnerability CVE-2007-1212:
An elevation of privilege vulnerability exists in the rendering of Enhanced Metafile (EMF) image format files. Any program that renders EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

GDI Invalid Window Size Elevation of Privilege Vulnerability - CVE-2006-5586:
A privilege elevation vulnerability exists in the Graphics Rendering Engine in the way that it renders layered application windows. This vulnerability could allow a logged on user to take complete control of the system.

Windows Animated Cursor Remote Code Execution Vulnerability - CVE-2007-0038:
A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

GDI Incorrect Parameter Local Elevation of Privilege Vulnerability - CVE-2007-1215:
A local elevation of privilege vulnerability exists in the Graphics Device Interface due to the way it processes color-related parameters. This vulnerability could allow an attacker to take complete control of the system.

Font Rasterizer Local Elevation of Privilege Vulnerability - CVE-2007-1213:
A local elevation of privilege vulnerability exists in the TrueType Fonts rasterizer in the way that it handles defective or modified font types. This vulnerability could allow a logged-on user to take complete control of the system.

Superceding Bulletin Id : None
Patch Release Date : Apr 3, 2007
CVE Id : CVE-2007-1215
Affected Product Information  
Product Name Service Pack Name
Windows 2000 Advanced Server Windows 2000 Service Pack 4
Windows 2000 Professional Windows 2000 Service Pack 4
Windows 2000 Server Windows 2000 Service Pack 4
Registry changes  
Registry Path Key Name Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB925902 -2

 
Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.