Vulnerability Description
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Visual Studio .Net | 2000 |
| Microsoft | Windows 2003 Server | 2000 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/24150Vendor Advisory
- http://www.kb.cert.org/vuls/id/932041US Government Resource
- http://www.osvdb.org/31887
- http://www.securityfocus.com/bid/22476
- http://www.securitytracker.com/id?1017638
- http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/0581Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-01
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/24150Vendor Advisory
- http://www.kb.cert.org/vuls/id/932041US Government Resource
- http://www.osvdb.org/31887
- http://www.securityfocus.com/bid/22476
- http://www.securitytracker.com/id?1017638
- http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
FAQ
What is CVE-2007-0025?
CVE-2007-0025 is a vulnerability with a CVSS score of 9.3 (HIGH). The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an R...
How severe is CVE-2007-0025?
CVE-2007-0025 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0025?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Visual Studio .Net, Microsoft Windows 2003 Server.