Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-1512
HistoryMar 20, 2007 - 10:19 a.m.

CVE-2007-1512

2007-03-2010:19:00
[email protected]
web.nvd.nist.gov
1

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.615

Percentile

97.9%

JSON

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the “MFC42u.dll Off-by-Two Overflow.” NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.

Affected configurations

Nvd
Node
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serverMatchgold
OR
microsoftwindows_2003_serverMatchsp1
OR
microsoftwindows_xpsp2
AND
microsoftvisual_studio_.netMatch2002gold
OR
microsoftvisual_studio_.netMatch2002sp1
OR
microsoftvisual_studio_.netMatch2003gold
OR
microsoftvisual_studio_.netMatch2003sp1
VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_servergoldcpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
microsoftwindows_2003_serversp1cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftvisual_studio_.net2002cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*
microsoftvisual_studio_.net2002cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
microsoftvisual_studio_.net2003cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*
microsoftvisual_studio_.net2003cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*

Related

securityvulns 2
cvelist 2
cve 2
prion 2
cert 1
nvd 1
nessus 1
checkpoint_advisories 1
securityvulns
securityvulns
Microsoft MFC memory corruption
2007-03-16 00:00:00
Microsoft Security Bulletin MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
2007-02-13 00:00:00
cvelist
cvelist
CVE-2007-1512
2007-03-20 10:00:00
CVE-2007-0025
2007-02-13 20:00:00
cve
cve
CVE-2007-1512
2007-03-20 10:19:00
CVE-2007-0025
2007-02-13 20:28:00
prion
prion
Stack overflow
2007-03-20 10:19:00
Stack overflow
2007-02-13 20:28:00
cert
cert
Microsoft MFC component vulnerable to remote code execution via malformed embedded OLE object
2007-02-14 00:00:00
nvd
nvd
CVE-2007-0025
2007-02-13 20:28:00
nessus
nessus
MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
2007-02-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Malformed RTF Handling Code Execution (MS07-011; CVE-2006-1311; CVE-2007-0025; CVE-2007-0026)
2007-02-25 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.615

Percentile

97.9%

JSON
Related for NVD:CVE-2007-1512
securityvulns2cvelist2cve2prion2cert1nvd1nessus1checkpoint_advisories1