CVE-2007-2223

Description

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

References

20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability

Broken Link

VU#361968

Third Party AdvisoryUS Government Resource

25301

Third Party AdvisoryVDB Entry

1018559

Third Party AdvisoryVDB Entry

26447

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-07-048/

Third Party AdvisoryVDB Entry

ADV-2007-2866

Vendor Advisory

oval:org.mitre.oval:def:2069

Third Party Advisory

MS07-042

PatchVendor Advisory

20070816 MS07-042 XMLDOM substringData() PoC

Third Party AdvisoryVDB Entry

20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability

Third Party AdvisoryVDB Entry

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:M/Au:N/C:C/I:C/A:C
AccessVector	NETWORK
AccessComplexity	MEDIUM
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	COMPLETE
AvailabilityImpact	COMPLETE
BaseScore	9.300000190734863

Created by Yello

About Severity.io