cvelistv5 - CVE-2007-0024

CVE-2007-0024 (GCVE-0-2007-0024)

Vulnerability from cvelistv5 – Published: 2007-01-09 23:00 – Updated: 2024-08-07 12:03

Summary

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/0129	vdb-entryx_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/21930	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/122084	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/457274/100…	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/23677	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1017489	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/457053/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/0105	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/31250	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/457274/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/457164/100…	mailing-listx_refsource_BUGTRAQ
	http://support.microsoft.com/?kbid=929969	vendor-advisoryx_refsource_MSKB
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0129",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0129"
          },
          {
            "name": "MS07-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
          },
          {
            "name": "TA07-009A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
          },
          {
            "name": "21930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21930"
          },
          {
            "name": "VU#122084",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/122084"
          },
          {
            "name": "HPSBST02184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1058",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
          },
          {
            "name": "23677",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23677"
          },
          {
            "name": "1017489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017489"
          },
          {
            "name": "ie-vml-record-bo(31287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
          },
          {
            "name": "20070116 MS07-004 VML Integer Overflow Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
          },
          {
            "name": "ADV-2007-0105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0105"
          },
          {
            "name": "31250",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31250"
          },
          {
            "name": "SSRT071296",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
          },
          {
            "name": "929969",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://support.microsoft.com/?kbid=929969"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
          },
          {
            "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2007-0129",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0129"
        },
        {
          "name": "MS07-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
        },
        {
          "name": "TA07-009A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
        },
        {
          "name": "21930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21930"
        },
        {
          "name": "VU#122084",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/122084"
        },
        {
          "name": "HPSBST02184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1058",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
        },
        {
          "name": "23677",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23677"
        },
        {
          "name": "1017489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017489"
        },
        {
          "name": "ie-vml-record-bo(31287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
        },
        {
          "name": "20070116 MS07-004 VML Integer Overflow Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
        },
        {
          "name": "ADV-2007-0105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0105"
        },
        {
          "name": "31250",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31250"
        },
        {
          "name": "SSRT071296",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
        },
        {
          "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
        },
        {
          "name": "929969",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://support.microsoft.com/?kbid=929969"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
        },
        {
          "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0129",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0129"
            },
            {
              "name": "MS07-004",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
            },
            {
              "name": "TA07-009A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
            },
            {
              "name": "21930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21930"
            },
            {
              "name": "VU#122084",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/122084"
            },
            {
              "name": "HPSBST02184",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1058",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
            },
            {
              "name": "23677",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23677"
            },
            {
              "name": "1017489",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017489"
            },
            {
              "name": "ie-vml-record-bo(31287)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
            },
            {
              "name": "20070116 MS07-004 VML Integer Overflow Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
            },
            {
              "name": "ADV-2007-0105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0105"
            },
            {
              "name": "31250",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31250"
            },
            {
              "name": "SSRT071296",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
            },
            {
              "name": "929969",
              "refsource": "MSKB",
              "url": "http://support.microsoft.com/?kbid=929969"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
            },
            {
              "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0024",
    "datePublished": "2007-01-09T23:00:00",
    "dateReserved": "2007-01-03T00:00:00",
    "dateUpdated": "2024-08-07T12:03:37.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3F2A51E-2675-4993-B9C2-F2D176A92857\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"91D6D065-A28D-49DA-B7F4-38421FF86498\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"8DC0F5CD-84DF-4569-A651-438D968AA801\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"580632FB-7EB8-4DC6-A372-742D4523BF79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"644E2E89-F3E3-4383-B460-424D724EE62F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \\\"VML Buffer Overrun Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Debordamiento de Entero en la implementaci\\u00f3n (vgx.dll) del Lenguaje de Marcas de Vectores (VML) en Microsoft Internet Explorer 5.01, 6, y 7 en Windows 2000 SP4, XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante una p\\u00e1gina web manipulada que contiene propiedades no especificadas tipo entero que provocan insufiencte reserva de memoria y dispara un desbordamiento de b\\u00fafer, tambi\\u00e9n conocido como     la \\\"Vulnerabilidad de desbordamiento de b\\u00fafer VML\\\".\"}]",
      "id": "CVE-2007-0024",
      "lastModified": "2024-11-21T00:24:47.870",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-01-09T23:28:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/23677\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017489\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://support.microsoft.com/?kbid=929969\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/122084\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31250\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/457053/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457164/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/21930\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0105\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0129\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31287\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/23677\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.microsoft.com/?kbid=929969\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/122084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31250\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/457053/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457164/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457274/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/21930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31287\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0024\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-01-09T23:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \\\"VML Buffer Overrun Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Debordamiento de Entero en la implementaci\u00f3n (vgx.dll) del Lenguaje de Marcas de Vectores (VML) en Microsoft Internet Explorer 5.01, 6, y 7 en Windows 2000 SP4, XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una p\u00e1gina web manipulada que contiene propiedades no especificadas tipo entero que provocan insufiencte reserva de memoria y dispara un desbordamiento de b\u00fafer, tambi\u00e9n conocido como     la \\\"Vulnerabilidad de desbordamiento de b\u00fafer VML\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F2A51E-2675-4993-B9C2-F2D176A92857\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"91D6D065-A28D-49DA-B7F4-38421FF86498\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"8DC0F5CD-84DF-4569-A651-438D968AA801\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"580632FB-7EB8-4DC6-A372-742D4523BF79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/23677\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017489\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://support.microsoft.com/?kbid=929969\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/122084\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31250\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/457053/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/457164/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/21930\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0105\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0129\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31287\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/23677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.microsoft.com/?kbid=929969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/122084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/457053/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457164/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457274/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/21930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-009A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-018

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans la bibliothèque de gestion des documents au format VML (pour Vector Markup Language).

VML est un composant XML qui définit les caractéristiques d'images vectorielles. Il est mis en œuvre dans la bibliothèque vgx.dll de Microsoft Windows. La vulnérabilité concerne une mauvaise vérification du résultat de la multiplication de deux entiers, pouvant provoquer une saturation de mémoire tampon.

Cette vulnérabilité peut être exploitée par un utilisateur malintentionné afin d'exécuter du code arbitraire à distance sur une machine vulnérable par l'intermédiaire d'un document VML spécialement construit. Il peut par exemple insérer dans une page Web ou un courrier électronique au format HTML un tel document malveillant.

Cette mise à jour remplace le bulletin de sécurité MS06-055 du 26 septembre 2006.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Internet Explorer 5.01 Service Pack 4 pour Microsoft Windows 2000 Service Pack 4 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 Edition x64.
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 et Server 2003 Service Pack 1 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows XP Professionnel Edition x64 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 (Itanium) ;
Microsoft	Windows	Internet Explorer 6 Service Pack 1 pour Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-004 du 09 janvier 2007	None	vendor-advisory
Avis du CERTA CERTA-2006-AVI-410 du 27 septembre 2006 :	-	other
Bulletin de sécurité iDefense du 09 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 7 pour Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.01 Service Pack 4 pour Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows Server 2003 Edition x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows Server 2003 et Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows XP Professionnel Edition x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows Server 2003 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 pour Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la biblioth\u00e8que de gestion des\ndocuments au format VML (pour Vector Markup Language).\n\nVML est un composant XML qui d\u00e9finit les caract\u00e9ristiques d\u0027images\nvectorielles. Il est mis en \u0153uvre dans la biblioth\u00e8que vgx.dll de\nMicrosoft Windows. La vuln\u00e9rabilit\u00e9 concerne une mauvaise v\u00e9rification\ndu r\u00e9sultat de la multiplication de deux entiers, pouvant provoquer une\nsaturation de m\u00e9moire tampon.\n\nCette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur\nmalintentionn\u00e9 afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur une\nmachine vuln\u00e9rable par l\u0027interm\u00e9diaire d\u0027un document VML sp\u00e9cialement\nconstruit. Il peut par exemple ins\u00e9rer dans une page Web ou un courrier\n\u00e9lectronique au format HTML un tel document malveillant.\n\nCette mise \u00e0 jour remplace le bulletin de s\u00e9curit\u00e9 MS06-055 du 26\nseptembre 2006.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0024"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2006-AVI-410 du 27 septembre 2006 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-410/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 09 janvier 2007 :",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
    }
  ],
  "reference": "CERTA-2007-AVI-018",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 VML du syst\u00e8me Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-004 du 09 janvier 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx"
    }
  ]
}

CERTA-2007-AVI-018

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans la bibliothèque de gestion des documents au format VML (pour Vector Markup Language).

Cette mise à jour remplace le bulletin de sécurité MS06-055 du 26 septembre 2006.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Internet Explorer 5.01 Service Pack 4 pour Microsoft Windows 2000 Service Pack 4 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 Edition x64.
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 et Server 2003 Service Pack 1 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows XP Professionnel Edition x64 ;
Microsoft	Windows	Internet Explorer 7 pour Microsoft Windows Server 2003 (Itanium) ;
Microsoft	Windows	Internet Explorer 6 Service Pack 1 pour Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-004 du 09 janvier 2007	None	vendor-advisory
Avis du CERTA CERTA-2006-AVI-410 du 27 septembre 2006 :	-	other
Bulletin de sécurité iDefense du 09 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 7 pour Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.01 Service Pack 4 pour Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows Server 2003 Edition x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows Server 2003 et Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows XP Professionnel Edition x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7 pour Microsoft Windows Server 2003 (Itanium) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 pour Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la biblioth\u00e8que de gestion des\ndocuments au format VML (pour Vector Markup Language).\n\nVML est un composant XML qui d\u00e9finit les caract\u00e9ristiques d\u0027images\nvectorielles. Il est mis en \u0153uvre dans la biblioth\u00e8que vgx.dll de\nMicrosoft Windows. La vuln\u00e9rabilit\u00e9 concerne une mauvaise v\u00e9rification\ndu r\u00e9sultat de la multiplication de deux entiers, pouvant provoquer une\nsaturation de m\u00e9moire tampon.\n\nCette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur\nmalintentionn\u00e9 afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur une\nmachine vuln\u00e9rable par l\u0027interm\u00e9diaire d\u0027un document VML sp\u00e9cialement\nconstruit. Il peut par exemple ins\u00e9rer dans une page Web ou un courrier\n\u00e9lectronique au format HTML un tel document malveillant.\n\nCette mise \u00e0 jour remplace le bulletin de s\u00e9curit\u00e9 MS06-055 du 26\nseptembre 2006.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0024"
    }
  ],
  "links": [
    {
      "title": "Avis du CERTA CERTA-2006-AVI-410 du 27 septembre 2006 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-410/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 09 janvier 2007 :",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
    }
  ],
  "reference": "CERTA-2007-AVI-018",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 VML du syst\u00e8me Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-004 du 09 janvier 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx"
    }
  ]
}

GHSA-2P55-J483-368P

Vulnerability from github – Published: 2022-05-01 17:41 – Updated: 2022-05-01 17:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0024"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-09T23:28:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\"",
  "id": "GHSA-2p55-j483-368p",
  "modified": "2022-05-01T17:41:20Z",
  "published": "2022-05-01T17:41:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0024"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23677"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017489"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/?kbid=929969"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/122084"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/31250"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21930"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0105"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0129"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-0024

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0024

Aliases

CVE-2007-0024

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0024",
    "description": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\"",
    "id": "GSD-2007-0024"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0024"
      ],
      "details": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\"",
      "id": "GSD-2007-0024",
      "modified": "2023-12-13T01:21:35.965804Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-0024",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-0129",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0129"
          },
          {
            "name": "MS07-004",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
          },
          {
            "name": "TA07-009A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
          },
          {
            "name": "21930",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21930"
          },
          {
            "name": "VU#122084",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/122084"
          },
          {
            "name": "HPSBST02184",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1058",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
          },
          {
            "name": "23677",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23677"
          },
          {
            "name": "1017489",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017489"
          },
          {
            "name": "ie-vml-record-bo(31287)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
          },
          {
            "name": "20070116 MS07-004 VML Integer Overflow Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
          },
          {
            "name": "ADV-2007-0105",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0105"
          },
          {
            "name": "31250",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/31250"
          },
          {
            "name": "SSRT071296",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
          },
          {
            "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
          },
          {
            "name": "929969",
            "refsource": "MSKB",
            "url": "http://support.microsoft.com/?kbid=929969"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
          },
          {
            "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0024"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070109 Microsoft Windows VML Element Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
            },
            {
              "name": "929969",
              "refsource": "MSKB",
              "tags": [
                "Patch"
              ],
              "url": "http://support.microsoft.com/?kbid=929969"
            },
            {
              "name": "VU#122084",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/122084"
            },
            {
              "name": "21930",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/21930"
            },
            {
              "name": "31250",
              "refsource": "OSVDB",
              "tags": [
                "Patch"
              ],
              "url": "http://www.osvdb.org/31250"
            },
            {
              "name": "1017489",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1017489"
            },
            {
              "name": "23677",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23677"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
            },
            {
              "name": "TA07-009A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
            },
            {
              "name": "ADV-2007-0129",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0129"
            },
            {
              "name": "ADV-2007-0105",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0105"
            },
            {
              "name": "ie-vml-record-bo(31287)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
            },
            {
              "name": "oval:org.mitre.oval:def:1058",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
            },
            {
              "name": "MS07-004",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
            },
            {
              "name": "HPSBST02184",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
            },
            {
              "name": "20070117 Re: MS07-004 VML Integer Overflow Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
            },
            {
              "name": "20070116 MS07-004 VML Integer Overflow Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T15:05Z",
      "publishedDate": "2007-01-09T23:28Z"
    }
  }
}

FKIE_CVE-2007-0024

Vulnerability from fkie_nvd - Published: 2007-01-09 23:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462	Patch, Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/23677	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1017489	Patch
secure@microsoft.com	http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
secure@microsoft.com	http://support.microsoft.com/?kbid=929969	Patch
secure@microsoft.com	http://www.kb.cert.org/vuls/id/122084	Patch, US Government Resource
secure@microsoft.com	http://www.osvdb.org/31250	Patch
secure@microsoft.com	http://www.securityfocus.com/archive/1/457053/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/457164/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/457274/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/21930	Patch
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/0105
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/0129
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/31287
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23677	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017489	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/?kbid=929969	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/122084	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/31250	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457053/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457164/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457274/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21930	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-009A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0105
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0129
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31287
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	internet_explorer	5.01
microsoft	windows_2000	*
microsoft	ie	6.0
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	internet_explorer	7.0
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp1
microsoft	internet_explorer	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "8DC0F5CD-84DF-4569-A651-438D968AA801",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the \"VML Buffer Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Debordamiento de Entero en la implementaci\u00f3n (vgx.dll) del Lenguaje de Marcas de Vectores (VML) en Microsoft Internet Explorer 5.01, 6, y 7 en Windows 2000 SP4, XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una p\u00e1gina web manipulada que contiene propiedades no especificadas tipo entero que provocan insufiencte reserva de memoria y dispara un desbordamiento de b\u00fafer, tambi\u00e9n conocido como     la \"Vulnerabilidad de desbordamiento de b\u00fafer VML\"."
    }
  ],
  "id": "CVE-2007-0024",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-09T23:28:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23677"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017489"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://support.microsoft.com/?kbid=929969"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/122084"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/31250"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21930"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/0105"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/0129"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.microsoft.com/?kbid=929969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/122084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/31250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457053/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457164/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/21930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0024 (GCVE-0-2007-0024)

CERTA-2007-AVI-018

Description

Solution

CERTA-2007-AVI-018

Description

Solution

GHSA-2P55-J483-368P

GSD-2007-0024

FKIE_CVE-2007-0024

Tags

Sightings

Nomenclature