PT-2007-3556 · Microsoft+1 · Windows 2000+4
Published: 2007-10-09 · Updated: 2018-10-16
CVE-2007-2217
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Kodak Image Viewer in Microsoft Windows versions 2000 SP4, XP SP2, Server 2003 SP1, and Server 2003 SP2
Description
A remote code execution issue exists in the way the Kodak Image Viewer handles specially crafted image files: such a file can trigger memory corruption, potentially allowing an attacker to execute arbitrary code. This could be exploited if a user visits a Web site, views a specially crafted e-mail message, or opens an e-mail attachment, and could allow an attacker to take complete control of an affected system.
Recommendations
For Windows 2000 SP4, update the Kodak Image Viewer to a version that is not affected by this issue.
For Windows XP SP2, consider disabling the Kodak Image Viewer until a patch is available.
For Windows Server 2003 SP1 and SP2, restrict access to the Kodak Image Viewer to minimize the risk of exploitation.
Exploit
Fix
RCE
Code Injection
Affected Products
Kodak Image Viewer
Windows
Windows 2000
Windows Server 2003
Windows XP