ID CVE-2007-1213
Summary The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 09-02-2024 - 03:23)
Impact:
Exploitability:
CWE CWE-824
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-05-09T04:01:20.612-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
description The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
family windows
id oval:org.mitre.oval:def:1797
status accepted
submitted 2007-04-09T09:49:32
title Font Rasterizer Vulnerability
version 75
refmap via4
bid 23276
hp
  • HPSBST02206
  • SSRT071354
sectrack 1017845
vupen ADV-2007-1215
Last major update 09-02-2024 - 03:23
Published 04-04-2007 - 16:19
Last modified 09-02-2024 - 03:23
Back to Top