CVE-2007-0842
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
Las versiones de 64 bits de la biblioteca estándar de Microsoft Visual C++ versión 8.0 (MSVCR80.DLL) funciones de tiempo, incluyendo (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s , (7) wctime, (8) wctime_s, y (9) fstat, activan un error de aserción en lugar de un puntero NULL o EINVAL al procesar un argumento time después del 1 de enero de 3000, lo que podría permitir a los atacantes dependiendo del contexto causar una denegación de servicio (salida de aplicación) por medio de grandes valores de tiempo. NOTA: se podría argumentar que se trata de una limitación de diseño de las funciones, y la vulnerabilidad reside en cualquier aplicación que no valide los argumentos de estas funciones. Sin embargo, este comportamiento es inconsistente con la documentación, la cual no enumera las aserciones como un posible resultado de una condición de error.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-02-07 CVE Reserved
- 2007-02-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://osvdb.org/33626 | Broken Link | |
http://www.securityfocus.com/archive/1/459847/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32454 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://securityreason.com/securityalert/2237 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspx | 2024-03-12 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Visual C\+\+ Search vendor "Microsoft" for product "Visual C\+\+" | 2005 Search vendor "Microsoft" for product "Visual C\+\+" and version "2005" | - |
Affected
|