9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.7 High
AI Score
Confidence
Low
0.675 Medium
EPSS
Percentile
98.0%
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an βunchecked bufferβ and unvalidated message lengths, probably a buffer overflow.
archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
osvdb.org/35954
secunia.com/advisories/26003
www.securityfocus.com/bid/24778
www.securitytracker.com/id?1018356
www.us-cert.gov/cas/techalerts/TA07-191A.html
www.vupen.com/english/advisories/2007/2482
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
exchange.xforce.ibmcloud.com/vulnerabilities/34637
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2093