CVE-2007-0025
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
El componente MFC en Microsoft Windows 2000 SP4, XP SP2 y 2003 SP1 y Visual Studio .NET 2000, 2002 SP1, 2003 y 2003 SP1 permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un archivo RTF con un objeto OLE mal formado que desencadena corrupción de memoria. NOTA: esto podría ser debido a un desbordamiento de buffer basado en pila en la función AfxOleSetEditMenu en MFC42u.dll.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-03 CVE Reserved
- 2007-02-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/932041 | Third Party Advisory |
|
| http://www.osvdb.org/31887 | Vdb Entry | |
| http://www.securityfocus.com/bid/22476 | Vdb Entry | |
| http://www.securitytracker.com/id?1017638 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-044A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A157 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/24150 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2007/0581 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-012 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2000 Search vendor "Microsoft" for product "Visual Studio .net" and version "2000" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2000 Search vendor "Microsoft" for product "Visual Studio .net" and version "2000" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2003 Search vendor "Microsoft" for product "Visual Studio .net" and version "2003" | gold |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | 2000 Search vendor "Microsoft" for product "Windows 2003 Server" and version "2000" | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | 2003 Search vendor "Microsoft" for product "Windows 2003 Server" and version "2003" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | xp_sp2 Search vendor "Microsoft" for product "Windows 2003 Server" and version "xp_sp2" | - |
Affected
| ||||||