Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
| Informations | |||
|---|---|---|---|
| Name | MS07-050 | First vendor Publication | 2007-08-14 |
| Vendor | Microsoft | Last vendor Modification | 2008-08-26 |
| Severity (Vendor) | Critical | Revision | 2.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V2.0 (August 26, 2008): Bulletin revised to include Internet Explorer 7 for Windows XP Service Pack 3.Summary: This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS07-050.mspx |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1784 | |||
| Oval ID: | oval:org.mitre.oval:def:1784 | ||
| Title: | VML Buffer Overrun Vulnerability | ||
| Description: | Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-1749 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-07-08 | Name : Microsoft Windows Vector Markup Language Buffer Overflow (938127) File : nvt/ms07-050.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 36390 | Microsoft Windows Vector Markup Language (VML) VGX.DLL CDownloadSink Class Ov... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2007-08-16 | IAVM : 2007-A-0045 - Microsoft Internet Explorer Vector Markup Language Remote Code Execution Vuln... Severity : Category II - VMSKEY : V0014825 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Internet Explorer VML source file memory corruption attempt RuleID : 12282 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer VML source file memory corruption attempt RuleID : 12281 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer VML source file memory corruption attempt RuleID : 12280 - Revision : 17 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-08-14 | Name : Arbitrary code can be executed on the remote host through the email client or... File : smb_nt_ms07-050.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:45 |
|
| 2014-01-19 21:30:07 |
|
| 2013-11-11 12:41:06 |
|
| 2013-05-11 12:22:03 |
|
