Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability

BID:23276

Info

Bugtraq ID: 23276
Class: Environment Error
CVE: CVE-2007-1213
Remote: No
Local: Yes
Published: Apr 03 2007 12:00AM
Updated: Apr 19 2007 09:11PM
Credit: Microsoft credits Thomas Phinney of Adobe Systems with the reporting of this issue.
Vulnerable: Nortel Networks Self-Service Speech Server 0
Nortel Networks Self-Service Peri NT Server 0
Nortel Networks Self-Service Peri IVR 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 500 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service MPS 100 0
Nortel Networks Self-Service Media Processing Server 0
Nortel Networks Self-Service - Web Centric CCXML
Nortel Networks Self-Service 0
Nortel Networks Multimedia Communication Platform
Nortel Networks Meridian SL-100
Nortel Networks Enterprise Network Management System
Nortel Networks Contact Center Manager Server 0
Nortel Networks Contact Center Manager
Nortel Networks Contact Center Express
Nortel Networks Contact Center Administration 0
Nortel Networks Contact Center - TAPI Server 0
Nortel Networks Contact Center - Agent Desktop Display 0
Nortel Networks Centrex IP Element Manager 9.0
Nortel Networks Centrex IP Element Manager 8.0
Nortel Networks Centrex IP Element Manager 7.0
Nortel Networks CallPilot 703t
Nortel Networks CallPilot 702t
Nortel Networks CallPilot 201i
Nortel Networks CallPilot 200i
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
HP Storage Management Appliance 2.1
+ HP Storage Management Appliance III
+ HP Storage Management Appliance II
+ HP Storage Management Appliance I
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server 0
Avaya Customer Interaction Express (CIE) User Interface 1.0
Avaya Customer Interaction Express (CIE) Server 1.0
Not Vulnerable:

Discussion

Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions.

Exploit / POC

To exploit this issue, an attacker must entice an unsuspecting user to open a specially crafted font.

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us.

Solution / Fix

Solution:
Microsoft has released an advisory and patches to address this issue. Please see the references for more information.


Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows 2000 Datacenter Server SP4

Microsoft Windows 2000 Server SP4

Microsoft Windows 2000 Professional SP4

References
