ID CVE-2007-0217
Summary The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
Vulnerable Configurations
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Internet Explorer 5.01 Service Pack 4
    cpe:2.3:a:microsoft:ie:5.01:sp4
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • cpe:2.3:a:microsoft:ie:6.0:sp1
    cpe:2.3:a:microsoft:ie:6.0:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:gold
    cpe:2.3:o:microsoft:windows_2003_server:gold
  • cpe:2.3:o:microsoft:windows_2003_server:gold:-:itanium
    cpe:2.3:o:microsoft:windows_2003_server:gold:-:itanium
  • cpe:2.3:o:microsoft:windows_2003_server:gold:-:x64
    cpe:2.3:o:microsoft:windows_2003_server:gold:-:x64
  • cpe:2.3:o:microsoft:windows_2003_server:sp1
    cpe:2.3:o:microsoft:windows_2003_server:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:-:itanium
    cpe:2.3:o:microsoft:windows_2003_server:sp1:-:itanium
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
CVSS
Base: 10.0 (as of 14-02-2007 - 13:14)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description MS Internet Explorer (FTP Server Response) DoS Exploit (MS07-016). CVE-2007-0217. Dos exploit for windows platform
id EDB-ID:3444
last seen 2016-01-31
modified 2007-03-09
published 2007-03-09
reporter Mathew Rowley
source https://www.exploit-db.com/download/3444/
title Microsoft Internet Explorer - FTP Server Response DoS Exploit MS07-016
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS07-016.NASL
description The remote host is missing the IE cumulative security update 92808. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 24340
published 2007-02-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=24340
title MS07-016: Cumulative Security Update for Internet Explorer (928090)
oval via4
accepted 2015-08-03T04:00:12.034-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Dragos Prisaca
    organization Secure Elements, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
description The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
family windows
id oval:org.mitre.oval:def:1141
status accepted
submitted 2007-02-14T09:49:32
title FTP Server Response Parsing Memory Corruption Vulnerability
version 68
refmap via4
bid 22489
bugtraq 20070309 MS07-016 FTP Response DOS PoC
cert TA07-044A
cert-vn VU#613564
idefense 20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability
ms MS07-016
osvdb 31892
sectrack 1017642
secunia 24156
vupen ADV-2007-0584
Last major update 07-03-2011 - 21:49
Published 13-02-2007 - 17:28
Last modified 16-10-2018 - 12:31
Back to Top