Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-1512 | First vendor Publication | 2007-03-20 |
Vendor | Cve | Last vendor Modification | 2018-10-16 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1512 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58785 | Microsoft Windows MFC Component (MFC42u.dll) AfxOleSetEditMenu Function RTF M... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-02-16 | IAVM : 2007-B-0004 - Microsoft Windows MFC Embedded OLE Object Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0013603 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-02-13 | Name : Arbitrary code can be executed on the remote host through the MFC component p... File : smb_nt_ms07-012.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
BUGTRAQ | http://www.securityfocus.com/archive/1/463009/100/0/threaded |
Alert History
Date | Informations |
---|---|
2020-05-23 00:19:27 |
|
2018-10-16 21:19:52 |
|
2016-06-28 23:55:02 |
|
2013-05-11 10:20:47 |
|