certfr_avis - CERTA-2007-AVI-018

CERTA-2007-AVI-018

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans la bibliothèque de gestion des documents au format VML (pour Vector Markup Language).

VML est un composant XML qui définit les caractéristiques d'images vectorielles. Il est mis en œuvre dans la bibliothèque vgx.dll de Microsoft Windows. La vulnérabilité concerne une mauvaise vérification du résultat de la multiplication de deux entiers, pouvant provoquer une saturation de mémoire tampon.

Cette vulnérabilité peut être exploitée par un utilisateur malintentionné afin d'exécuter du code arbitraire à distance sur une machine vulnérable par l'intermédiaire d'un document VML spécialement construit. Il peut par exemple insérer dans une page Web ou un courrier électronique au format HTML un tel document malveillant.

Cette mise à jour remplace le bulletin de sécurité MS06-055 du 26 septembre 2006.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Internet Explorer 5.01 Service Pack 4 pour Microsoft Windows 2000 Service Pack 4 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 Edition x64.
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 et Server 2003 Service Pack 1 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows XP Professionnel Edition x64 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 (Itanium) ;
Microsoft	Windows	Internet Explorer 6 Service Pack 1 pour Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

CVE-2007-0024 (GCVE-0-2007-0024)

Vulnerability from cvelistv5 – Published: 2007-01-09 23:00 – Updated: 2024-08-07 12:03

Summary

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/0129	vdb-entryx_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/21930	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/122084	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/457274/100…	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/23677	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1017489	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/457053/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/0105	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/31250	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/457274/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/457164/100…	mailing-listx_refsource_BUGTRAQ
	http://support.microsoft.com/?kbid=929969	vendor-advisoryx_refsource_MSKB
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0129",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0129"
          },
          {
            "name": "MS07-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
          },
          {
            "name": "TA07-009A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
          },
          {
            "name": "21930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21930"
          },
          {
            "name": "VU#122084",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/122084"
          },
          {
            "name": "HPSBST02184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1058",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
          },
          {
            "name": "23677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23677"
          },
          {
            "name": "1017489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017489"
          },
          {
            "name": "ie-vml-record-bo(31287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
          },
          {
            "name": "20070116 MS07-004 VML Integer Overflow Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
          },
          {
            "name": "ADV-2007-0105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0105"
          },
          {
            "name": "31250",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31250"
          },
          {
            "name": "SSRT071296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
          },
          {
            "name": "929969",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://support.microsoft.com/?kbid=929969"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
          },
          {
            "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2007-0129",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0129"
        },
        {
          "name": "MS07-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
        },
        {
          "name": "TA07-009A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
        },
        {
          "name": "21930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21930"
        },
        {
          "name": "VU#122084",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/122084"
        },
        {
          "name": "HPSBST02184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1058",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
        },
        {
          "name": "23677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23677"
        },
        {
          "name": "1017489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017489"
        },
        {
          "name": "ie-vml-record-bo(31287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
        },
        {
          "name": "20070116 MS07-004 VML Integer Overflow Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
        },
        {
          "name": "ADV-2007-0105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0105"
        },
        {
          "name": "31250",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31250"
        },
        {
          "name": "SSRT071296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
        },
        {
          "name": "929969",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://support.microsoft.com/?kbid=929969"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
        },
        {
          "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0129",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0129"
            },
            {
              "name": "MS07-004",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
            },
            {
              "name": "TA07-009A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
            },
            {
              "name": "21930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21930"
            },
            {
              "name": "VU#122084",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/122084"
            },
            {
              "name": "HPSBST02184",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1058",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
            },
            {
              "name": "23677",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23677"
            },
            {
              "name": "1017489",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017489"
            },
            {
              "name": "ie-vml-record-bo(31287)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
            },
            {
              "name": "20070116 MS07-004 VML Integer Overflow Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
            },
            {
              "name": "ADV-2007-0105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0105"
            },
            {
              "name": "31250",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31250"
            },
            {
              "name": "SSRT071296",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
            },
            {
              "name": "929969",
              "refsource": "MSKB",
              "url": "http://support.microsoft.com/?kbid=929969"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
            },
            {
              "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0024",
    "datePublished": "2007-01-09T23:00:00",
    "dateReserved": "2007-01-03T00:00:00",
    "dateUpdated": "2024-08-07T12:03:37.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted