Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS07-008 | First vendor Publication | 2007-02-13 |
| Vendor | Microsoft | Last vendor Modification | 2007-02-13 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/ms07-008.mspx?pubDate=2 (...) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:125 | |||
| Oval ID: | oval:org.mitre.oval:def:125 | ||
| Title: | HTML Help ActiveX Control Vulnerability | ||
| Description: | The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0214 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 5 | |
| Os | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 31884 | Microsoft Windows HTML Help ActiveX Control Arbitrary Code Execution Windows contains an unspecified flaw related to the HTML Help ActiveX control that may allow an attacker to execute arbitrary code. No further details have been provided. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2007-02-16 | IAVM : 2007-A-0014 - Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0013597 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | HTML Help ActiveX clsid unicode access RuleID : 7440 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer HTML Help ActiveX clsid access RuleID : 7439 - Revision : 16 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-008.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:35 |
|
| 2014-01-19 21:30:03 |
|
| 2013-11-11 12:41:04 |
|
| 2013-05-11 00:49:15 |
|
