9.3

CVE-2007-0024

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version5.01 Updatesp4
   MicrosoftWindows 2000 Updatesp4
MicrosoftIe Version6.0 Updatesp1
   MicrosoftWindows 2000 Updatesp4
MicrosoftInternet Explorer Version7.0
   MicrosoftWindows Xp Edition64-bit
   MicrosoftWindows Xp Updatesp2
MicrosoftInternet Explorer Version7.0
   MicrosoftWindows 2003 Server
   MicrosoftWindows 2003 Server Edition64-bit
   MicrosoftWindows 2003 Server Editionitanium
   MicrosoftWindows 2003 Server Versionsp1
   MicrosoftWindows 2003 Server Versionsp1 Editionitanium
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 46.49% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/457274/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA07-009A.html
US Government Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462
Patch
Vendor Advisory
http://secunia.com/advisories/23677
Patch
Vendor Advisory
http://securitytracker.com/id?1017489
Patch
http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
http://support.microsoft.com/?kbid=929969
Patch
http://www.kb.cert.org/vuls/id/122084
Patch
US Government Resource
http://www.osvdb.org/31250
Patch
http://www.securityfocus.com/archive/1/457053/100/0/threaded
http://www.securityfocus.com/archive/1/457164/100/0/threaded
http://www.securityfocus.com/bid/21930
Patch
http://www.vupen.com/english/advisories/2007/0105
http://www.vupen.com/english/advisories/2007/0129
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004
https://exchange.xforce.ibmcloud.com/vulnerabilities/31287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058