| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS07-007 | Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) | Microsoft Windows | Critical | 14-02-2007 |
Technical Information
Brief overview of the risk:
A privilege elevation vulnerability exists in Windows XP Service Pack 2 in the way that the Window Image Acquisition Service starts applications. This vulnerability could allow a logged on user to take complete control of the system.
Detailed Information on the risk:
The Microsoft Windows Image Acquisition (WIA) Service provides an API that enables graphics programs to obtain pictures from hardware devices such as image scanners and digital cameras. An unchecked buffer in the API can be overflowed by a user application, allowing code to be executed in a privileged context.Further information on this exploit is available at : MS07-007
Affected Software
Microsoft Windows 2000 Service Pack 4Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Windows Vista