
Microsoft Security Bulletin MS07-055 - Critical

To: undisclosed-recipients:;
Subject: Microsoft Security Bulletin MS07-055 - Critical
From: "Microsoft Corp."<clittleford@xxxxxxxxxxxxx>
Date: Tue, 13 Nov 2007 14:48:33 -0500
Reply-to: <Microsoft.Corp.@xxxxxxxxxxxxx>
Sender: postwait-bounce@xxxxxxxxxxx

Microsoft Security Bulletin MS07-055 - Critical

Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Published: October 9, 2007 | Updated: October 17, 2007

Version: 1.1

General Information

Executive Summary

This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted image files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This vulnerability exists only on systems running Windows 2000. However, systems running supported 32-bit editions of Windows XP and Windows Server 2003 may also be affected if upgraded from Windows 2000. This is a critical security update for Windows 2000 Service Pack 4, 32-bit editions of Windows XP Service Pack 2, and supported 32-bit editions of Windows Server 2003. For more information, see the subsection, Affected Software, in this section.

This security update addresses the vulnerability by deprecating file types that are no longer supported as well as by improving the way that the Kodak Image Viewer handles specially crafted file types. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately following the links below corresponding to your system.

Affected and Software

The software listed here has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.

Affected Software

Operating System | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by This Update
Microsoft Windows 2000 Service Pack 4 | Remote Code Execution | Critical | None
Windows XP Service Pack 2 | Remote Code Execution | Critical | None
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 | Remote Code Execution | Critical | None

© 2007 Microsoft Corporation. All rights reserved.
