Vulnerability in N/a
CVE-2007-2237
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
EPSS: 0.569 (98.2nd percentile)
Affected products
- N/a — versions n/a
References
- 24346 (vdb-entry, x_refsource_BID)
- VU#290961 (x_refsource_CERT-VN, third-party-advisory)
- ADV-2007-2083 (vdb-entry, x_refsource_VUPEN)
- 4044 (exploit, x_refsource_EXPLOIT-DB)
- 1018202 (vdb-entry, x_refsource_SECTRACK)
- 20070607 CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files (mailing-list, x_refsource_BUGTRAQ)
- www.csis.dk/dk/forside/GdiPlus.pdf (x_refsource_MISC)
- 38494 (x_refsource_OSVDB, vdb-entry)
- windows-gdi-dos(34743) (vdb-entry, x_refsource_XF)