cvelistv5 - cve-2007-0214

CVE-2007-0214 (GCVE-0-2007-0214)

Vulnerability from cvelistv5 – Published: 2007-02-13 20:00 – Updated: 2024-08-07 12:12

Summary

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/22478	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1017635	vdb-entryx_refsource_SECTRACK
	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	third-party-advisoryx_refsource_CERT
	http://www.kb.cert.org/vuls/id/563756	third-party-advisoryx_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/24136	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/31884	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/0577	vdb-entryx_refsource_VUPEN
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:17.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22478",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22478"
          },
          {
            "name": "1017635",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017635"
          },
          {
            "name": "TA07-044A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "name": "VU#563756",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/563756"
          },
          {
            "name": "oval:org.mitre.oval:def:125",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
          },
          {
            "name": "24136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24136"
          },
          {
            "name": "31884",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31884"
          },
          {
            "name": "ADV-2007-0577",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0577"
          },
          {
            "name": "MS07-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "22478",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22478"
        },
        {
          "name": "1017635",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017635"
        },
        {
          "name": "TA07-044A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
        },
        {
          "name": "VU#563756",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/563756"
        },
        {
          "name": "oval:org.mitre.oval:def:125",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
        },
        {
          "name": "24136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24136"
        },
        {
          "name": "31884",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31884"
        },
        {
          "name": "ADV-2007-0577",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0577"
        },
        {
          "name": "MS07-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0214",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22478",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22478"
            },
            {
              "name": "1017635",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017635"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "VU#563756",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/563756"
            },
            {
              "name": "oval:org.mitre.oval:def:125",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
            },
            {
              "name": "24136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24136"
            },
            {
              "name": "31884",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31884"
            },
            {
              "name": "ADV-2007-0577",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0577"
            },
            {
              "name": "MS07-008",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0214",
    "datePublished": "2007-02-13T20:00:00",
    "dateReserved": "2007-01-12T00:00:00",
    "dateUpdated": "2024-08-07T12:12:17.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2CA1674-A8A0-479A-9D80-344D3C563A24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0808041A-CE1A-433A-9C2B-019097CCFB0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"644E2E89-F3E3-4383-B460-424D724EE62F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"91D6D065-A28D-49DA-B7F4-38421FF86498\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.\"}, {\"lang\": \"es\", \"value\": \"El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante funciones no especificadas, relacionado con par\\u00e1metros no inicializados.\"}]",
      "id": "CVE-2007-0214",
      "lastModified": "2024-11-21T00:25:15.837",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-02-13T20:28:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/24136\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/563756\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31884\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/22478\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1017635\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0577\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/24136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/563756\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/31884\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22478\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0577\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0214\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-02-13T20:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.\"},{\"lang\":\"es\",\"value\":\"El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante funciones no especificadas, relacionado con par\u00e1metros no inicializados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CA1674-A8A0-479A-9D80-344D3C563A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0808041A-CE1A-433A-9C2B-019097CCFB0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"91D6D065-A28D-49DA-B7F4-38421FF86498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/24136\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/563756\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31884\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/22478\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1017635\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0577\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/24136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/563756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/31884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-044A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-085

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité, permettant l'exécution de code arbitraire à distance, existe dans 2 composants ActiveX, Microsoft Data Access Components et Microsoft HTML Help, de Microsoft Windows.

Description

Microsoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant l'affichage des fichiers d'aide au format HTML. Une personne malveillante peut exploiter la vulnérabilité présente dans ce composant ActiveX afin d'exécuter du code arbitraire à distance par le biais d'une page web au format HTML spécialement conçue.

Microsoft Data Access Components (MDAC) est un regroupement de technologies Microsoft facilitant l'accès aux données. Une vulnérabilité présente dans le contrôle ActiveX ADODB.Connection permet à une personne malveillante d'exécuter du code arbitraire à distance par le biais d'un appel spécialement conçu d'une méthode de ce contrôle ActiveX.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Serveur 2003, versions x86 et Itanium.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletins de sécurités Microsoft MS07-008 et MS07-009 du 13 février 2007	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Serveur 2003, versions x86 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant\nl\u0027affichage des fichiers d\u0027aide au format HTML. Une personne\nmalveillante peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans ce composant\nActiveX afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027une\npage web au format HTML sp\u00e9cialement con\u00e7ue.\n\nMicrosoft Data Access Components (MDAC) est un regroupement de\ntechnologies Microsoft facilitant l\u0027acc\u00e8s aux donn\u00e9es. Une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans le contr\u00f4le ActiveX ADODB.Connection permet \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un\nappel sp\u00e9cialement con\u00e7u d\u0027une m\u00e9thode de ce contr\u00f4le ActiveX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0214"
    },
    {
      "name": "CVE-2006-5559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5559"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-009.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-085",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9, permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance,\nexiste dans 2 composants ActiveX, Microsoft Data Access Components et\nMicrosoft HTML Help, de Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des composants ActiveX de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9s Microsoft MS07-008 et MS07-009 du 13 f\u00e9vrier 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-085

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité, permettant l'exécution de code arbitraire à distance, existe dans 2 composants ActiveX, Microsoft Data Access Components et Microsoft HTML Help, de Microsoft Windows.

Description

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Serveur 2003, versions x86 et Itanium.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletins de sécurités Microsoft MS07-008 et MS07-009 du 13 février 2007	None	vendor-advisory
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-008 du 13 février 2007 :	-	other
Bulletin de sécurité Microsoft MS07-009 du 13 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Serveur 2003, versions x86 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft HTML Help (hhcrtl.ocx) est un composant ActiveX permettant\nl\u0027affichage des fichiers d\u0027aide au format HTML. Une personne\nmalveillante peut exploiter la vuln\u00e9rabilit\u00e9 pr\u00e9sente dans ce composant\nActiveX afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027une\npage web au format HTML sp\u00e9cialement con\u00e7ue.\n\nMicrosoft Data Access Components (MDAC) est un regroupement de\ntechnologies Microsoft facilitant l\u0027acc\u00e8s aux donn\u00e9es. Une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans le contr\u00f4le ActiveX ADODB.Connection permet \u00e0 une personne\nmalveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un\nappel sp\u00e9cialement con\u00e7u d\u0027une m\u00e9thode de ce contr\u00f4le ActiveX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0214"
    },
    {
      "name": "CVE-2006-5559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5559"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-008 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-008.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-009 du 13 f\u00e9vrier 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-009.mspx"
    }
  ],
  "reference": "CERTA-2007-AVI-085",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9, permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance,\nexiste dans 2 composants ActiveX, Microsoft Data Access Components et\nMicrosoft HTML Help, de Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des composants ActiveX de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9s Microsoft MS07-008 et MS07-009 du 13 f\u00e9vrier 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2007-0214

Vulnerability from fkie_nvd - Published: 2007-02-13 20:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/24136
secure@microsoft.com	http://www.kb.cert.org/vuls/id/563756	US Government Resource
secure@microsoft.com	http://www.osvdb.org/31884
secure@microsoft.com	http://www.securityfocus.com/bid/22478
secure@microsoft.com	http://www.securitytracker.com/id?1017635
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/0577
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24136
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/563756	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/31884
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22478
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017635
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-044A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0577
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	64-bit
microsoft	windows_2003_server	itanium
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp1
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
              "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
    },
    {
      "lang": "es",
      "value": "El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante funciones no especificadas, relacionado con par\u00e1metros no inicializados."
    }
  ],
  "id": "CVE-2007-0214",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-02-13T20:28:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/24136"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/563756"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/31884"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/22478"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1017635"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/0577"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/563756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/31884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-0214

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0214

Aliases

CVE-2007-0214

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0214",
    "description": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.",
    "id": "GSD-2007-0214"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0214"
      ],
      "details": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.",
      "id": "GSD-2007-0214",
      "modified": "2023-12-13T01:21:36.105890Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-0214",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "22478",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22478"
          },
          {
            "name": "1017635",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017635"
          },
          {
            "name": "TA07-044A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
          },
          {
            "name": "VU#563756",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/563756"
          },
          {
            "name": "oval:org.mitre.oval:def:125",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
          },
          {
            "name": "24136",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24136"
          },
          {
            "name": "31884",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/31884"
          },
          {
            "name": "ADV-2007-0577",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0577"
          },
          {
            "name": "MS07-008",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0214"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#563756",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/563756"
            },
            {
              "name": "22478",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22478"
            },
            {
              "name": "31884",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/31884"
            },
            {
              "name": "1017635",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017635"
            },
            {
              "name": "24136",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24136"
            },
            {
              "name": "TA07-044A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
            },
            {
              "name": "ADV-2007-0577",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0577"
            },
            {
              "name": "oval:org.mitre.oval:def:125",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
            },
            {
              "name": "MS07-008",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:42Z",
      "publishedDate": "2007-02-13T20:28Z"
    }
  }
}

GHSA-8WG2-6R8C-JHR9

Vulnerability from github – Published: 2022-05-01 17:42 – Updated: 2022-05-01 17:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0214"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-02-13T20:28:00Z",
    "severity": "HIGH"
  },
  "details": "The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.",
  "id": "GHSA-8wg2-6r8c-jhr9",
  "modified": "2022-05-01T17:42:30Z",
  "published": "2022-05-01T17:42:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0214"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24136"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/563756"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/31884"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22478"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017635"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0577"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0214 (GCVE-0-2007-0214)

CERTA-2007-AVI-085

Description

Solution

CERTA-2007-AVI-085

Description

Solution

FKIE_CVE-2007-0214

GSD-2007-0214

GHSA-8WG2-6R8C-JHR9

Tags

Sightings

Nomenclature