CVE-2007-1946 - Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote at

CVE-2007-1946

Summary

Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.

References

http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
http://osvdb.org/41553
http://securityreason.com/securityalert/2558
http://www.securityfocus.com/archive/1/464726/100/0/threaded
http://www.securityfocus.com/bid/23321

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23321
bugtraq	20070404 Several Windows image viewers vulnerabilities
misc	http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
osvdb	41553
sreason	2558

Last major update

16-10-2018 - 16:41

Published

11-04-2007 - 01:19

Last modified

16-10-2018 - 16:41