Computer Security

CVE-2007-2223
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-2223
StatusUNKNOWN
DescriptionMicrosoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
SeverityHigh
CVSS score9,3
CVSS vector(AV:N/AC:M/Au:N/C:C/I:C/A:C)
PhaseASSIGNED (12.04.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2223
ReferencesBID : 25301
 BUGTRAQ : 20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability
 BUGTRAQ : 20070816 MS07-042 XMLDOM substringData() PoC
 CERT-VN : VU#361968
 IDEFENSE : 20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability
 MISC : http://www.zerodayinitiative.com/advisories/ZDI-07...
 MS : MS07-042
 OVAL : oval:org.mitre.oval:def:2069
 SECTRACK : 1018559
 SECUNIA : 26447
 VUPEN : ADV-2007-2866
SecurityVulns:Microsoft Windows XML core services memory corruption
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server