CVE-2007-1213

The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/466186/100/200/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/23276	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017845	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/1215	Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1797	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-04 16:19

Updated : 2024-02-09 03:23

NVD link : CVE-2007-1213

Mitre link : CVE-2007-1213

CVE.ORG link : CVE-2007-1213

JSON object : View

Products Affected

microsoft

windows_2000

CWE

CWE-824

Access of Uninitialized Pointer

{"id": "CVE-2007-1213", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-04T16:19:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/466186/100/200/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/23276", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1017845", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1215", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1797", "tags": ["Broken Link"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-824"}]}], "descriptions": [{"lang": "en", "value": "The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer."}, {"lang": "es", "value": "La fuente rasterizer en Microsoft Windows 2000 SP4 permite a usuarios locales ganar privilegios a trav\u00e9s de fuentes TrueType manipuladas, el cual resultar\u00e1 en una funci\u00f3n de puntero no inicializada."}], "lastModified": "2024-02-09T03:23:20.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}