Lucene search

K
cve[email protected]CVE-2007-2224
HistoryAug 14, 2007 - 9:17 p.m.

CVE-2007-2224

2007-08-1421:17:00
CWE-189
CWE-119
web.nvd.nist.gov
88
cve-2007-2224
ole automation
microsoft windows
buffer overflow
integer overflow
security vulnerability

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.884 High

EPSS

Percentile

98.6%

Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.884 High

EPSS

Percentile

98.6%

Related for CVE-2007-2224