CVE-2007-2223

Published: Aug 14, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

VU#361968

third-party-advisory

x_refsource_CERT-VN

1018559

vdb-entry

x_refsource_SECTRACK

20070816 MS07-042 XMLDOM substringData() PoC

mailing-list

x_refsource_BUGTRAQ

20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability

third-party-advisory

x_refsource_IDEFENSE

ADV-2007-2866

vdb-entry

x_refsource_VUPEN

20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability

mailing-list

x_refsource_BUGTRAQ

25301

vdb-entry

x_refsource_BID

MS07-042

vendor-advisory

x_refsource_MS

26447

third-party-advisory

x_refsource_SECUNIA

http://www.zerodayinitiative.com/advisories/ZDI-07-048/

x_refsource_MISC

oval:org.mitre.oval:def:2069

vdb-entry

signature

x_refsource_OVAL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-2223

Description

Affected Products

References