ID CVE-2007-0217
Summary The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-08-03T04:00:12.034-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Dragos Prisaca
    organization Secure Elements, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
description The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
family windows
id oval:org.mitre.oval:def:1141
status accepted
submitted 2007-02-14T09:49:32
title FTP Server Response Parsing Memory Corruption Vulnerability
version 68
refmap via4
bid 22489
bugtraq 20070309 MS07-016 FTP Response DOS PoC
cert TA07-044A
cert-vn VU#613564
idefense 20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability
ms MS07-016
osvdb 31892
sectrack 1017642
secunia 24156
vupen ADV-2007-0584
Last major update 16-10-2018 - 16:31
Published 13-02-2007 - 22:28
Back to Top