Lucene search

[email protected]NVD:CVE-2007-0612

HistoryJan 31, 2007 - 11:28 a.m.

CVE-2007-0612

2007-01-3111:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.579

Percentile

97.7%

JSON

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.

Affected configurations

Nvd

Node

microsoftieMatch5.0_ta3

microsoftieMatch6.0sp1

microsoftieMatch7.0vista

microsoftinternet_explorerMatch5.0.1

microsoftinternet_explorerMatch5.0.1sp1

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch6.0

microsoftinternet_explorerMatch7.0beta1

microsoftinternet_explorerMatch7.0beta2

VendorProductVersionCPE
microsoftie5.0_ta3cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
microsoftie7.0cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
microsoftinternet_explorer6.0cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
microsoftinternet_explorer7.0cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
microsoftinternet_explorer7.0cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	ie	5.0_ta3	cpe:2.3:a:microsoft:ie:5.0_ta3:::::::*
microsoft	ie	6.0	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
microsoft	ie	7.0	cpe:2.3:a:microsoft:ie:7.0::vista:::::
microsoft	internet_explorer	5.0.1	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*
microsoft	internet_explorer	5.0.1	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::
microsoft	internet_explorer	5.0.1	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::
microsoft	internet_explorer	5.5	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
microsoft	internet_explorer	6.0	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:beta1::::::
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:beta2::::::

References

archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html

lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html

osvdb.org/32628

securityreason.com/securityalert/2199

www.determina.com/security.research/vulnerabilities/activex-bgcolor.html

www.securityfocus.com/archive/1/458443/100/0/threaded

www.securityfocus.com/bid/22288

exchange.xforce.ibmcloud.com/vulnerabilities/31867

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.579

Percentile

97.7%

JSON

Related for NVD:CVE-2007-0612

exploitdb1 cvelist1 prion1 cve1 securityvulns1