Vulnerability Description
Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | - |
| Microsoft | Internet Explorer | 5.01 |
| Microsoft | Windows Server 2003 | - |
| Microsoft | Windows Xp | - |
| Microsoft | Windows Vista | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/44652Broken Link
- http://www.kb.cert.org/vuls/id/570089Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/28882Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41940Third Party AdvisoryVDB Entry
- http://osvdb.org/44652Broken Link
- http://www.kb.cert.org/vuls/id/570089Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/28882Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41940Third Party AdvisoryVDB Entry
FAQ
What is CVE-2007-6255?
CVE-2007-6255 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
How severe is CVE-2007-6255?
CVE-2007-6255 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6255?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Internet Explorer, Microsoft Windows Server 2003, Microsoft Windows Xp, Microsoft Windows Vista.