ID CVE-2007-0024
Summary Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2008-05-05T04:00:07.621-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Clifford Farrugia
    organization GFI Software
definition_extensions
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
description Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
family windows
id oval:org.mitre.oval:def:1058
status accepted
submitted 2007-01-09T06:00:00
title Vulnerability in Vector Markup Language (VML) Could Allow Remote Code Execution
version 26
refmap via4
bid 21930
bugtraq
  • 20070116 MS07-004 VML Integer Overflow Exploit
  • 20070117 Re: MS07-004 VML Integer Overflow Exploit
cert TA07-009A
cert-vn VU#122084
confirm http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
hp
  • HPSBST02184
  • SSRT071296
idefense 20070109 Microsoft Windows VML Element Integer Overflow Vulnerability
mskb 929969
osvdb 31250
sectrack 1017489
secunia 23677
vupen
  • ADV-2007-0105
  • ADV-2007-0129
xf ie-vml-record-bo(31287)
saint via4
bid 21930
description Internet Explorer VML integer overflow
id win_patch_ie_vmljan07
osvdb 31250
title ie_vml_int_overflow
type client
Last major update 16-10-2018 - 16:30
Published 09-01-2007 - 23:28
Last modified 16-10-2018 - 16:30
Back to Top