Vulnerability Description
Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Windows Explorer | All versions |
Related Weaknesses (CWE)
References
- http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html
- http://osvdb.org/36141
- http://www.kb.cert.org/vuls/id/194944Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/22847
- http://www.securitytracker.com/id?1017736
- https://www.exploit-db.com/exploits/3419
- http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html
- http://osvdb.org/36141
- http://www.kb.cert.org/vuls/id/194944Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/22847
- http://www.securitytracker.com/id?1017736
- https://www.exploit-db.com/exploits/3419
FAQ
What is CVE-2007-1347?
CVE-2007-1347 is a vulnerability with a CVSS score of 7.1 (HIGH). Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Of...
How severe is CVE-2007-1347?
CVE-2007-1347 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1347?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Xp, Microsoft Windows Explorer.