9.3

CVE-2007-0025

The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftVisual Studio .Net Version2000
MicrosoftVisual Studio .Net Version2000 Updatesp1
MicrosoftVisual Studio .Net Version2003 Updategold
MicrosoftWindows 2003 Server Version2000 Updatesp4
MicrosoftWindows 2003 Server Version2003 Updatesp2
MicrosoftWindows 2003 Server Versionxp_sp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 36.51% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.us-cert.gov/cas/techalerts/TA07-044A.html
US Government Resource
http://secunia.com/advisories/24150
Vendor Advisory
http://www.kb.cert.org/vuls/id/932041
US Government Resource
http://www.osvdb.org/31887
http://www.securityfocus.com/bid/22476
http://www.securitytracker.com/id?1017638
http://www.vupen.com/english/advisories/2007/0581
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A157