Microsoft Security Bulletin MS07-055 - Critical
Kodak Image Viewer Could Allow Remote Code Execution (923810)
Published: October 9, 2007
| Updated: October 17, 2007
This critical security update resolves a privately reported vulnerability. A
remote code execution vulnerability exists in the way that the Kodak Image
Viewer, formerly known as Wang Image Viewer, handles specially crafted images
files. The vulnerability could allow an attacker to remotely execute code on
the affected system. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.
This vulnerability exists only on systems running Windows 2000. However,
systems running supported 32-bit editions of Windows XP and Windows Server 2003
may also be affected if upgraded from Windows 2000. This is a critical security
update for Windows 2000 Service Pack 4, 32-bit editions of Windows XP Service
Pack 2, and supported 32-bit editions of Windows Server 2003. For more
information, see the subsection, Affected Software, in
This security update addresses the vulnerability by deprecating file types
that are no longer supported as well as by improving the way that the Kodak
image viewer handles specially crafted file types. For more information about
the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for
the specific vulnerability entry under the next section, Vulnerability
Recommendation. Microsoft recommends that customers apply the
update immediately following the links below coresponding to your system.
Affected and Software
The software listed here have been tested to determine which versions or
editions are affected. Other versions or editions are either past their support
life cycle or are not affected. To determine the support life cycle for your
software version or edition, visit Microsoft Support Lifecycle.
© 2007 Microsoft Corporation. All rights reserved.