<< Back
CVE Number Vulnerability Product Severity Date
MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) Microsoft Windows Critical 14-02-2007

Technical Information

Brief overview of the risk:
A privilege elevation vulnerability exists in Windows XP Service Pack 2 in the way that the Window Image Acquisition Service starts applications. This vulnerability could allow a logged on user to take complete control of the system.
Detailed Information on the risk:
The Microsoft Windows Image Acquisition (WIA) Service provides an API that enables graphics programs to obtain pictures from hardware devices such as image scanners and digital cameras. An unchecked buffer in the API can be overflowed by a user application, allowing code to be executed in a privileged context.Further information on this exploit is available at : MS07-007

Affected Software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Windows Vista