Vulnerability Name: CVE-2007-0065 (CCN-40043)
Assigned: 2007-01-04
Published: 2008-02-12
Updated: 2018-10-12
Summary: Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2007-0065
  Source: HP Type: UNKNOWN HPSBST02314
  Source: CCN Type: SA28902 Microsoft Windows OLE Automation Memory Corruption
  Source: SECUNIA Type: UNKNOWN 28902
  Source: CCN Type: SECTRACK ID: 1019373 Windows Heap Overflow in Object Linking and Embedding (OLE) Automation Lets Remote Users Execute Arbitrary Code
  Source: CCN Type: ASA-2008-065 MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
  Source: CCN Type: NORTEL BULLETIN ID: 2008008631, Rev 1 Nortel Response to Microsoft Security Bulletin MS08-008
  Source: CCN Type: Microsoft Security Bulletin MS13-020 Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
  Source: CCN Type: Microsoft Security Bulletin MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
  Source: CCN Type: Microsoft Security Bulletin MS16-030 Security Update for Windows OLE to Address Remote Code Execution (3143136)
  Source: CCN Type: IBM Internet Security Systems Protection Advisory - Feb. 12, 2008 Microsoft OleLoadPicture Remote Code Execution Vulnerability
  Source: CCN Type: Microsoft Security Bulletin MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
  Source: CCN Type: Microsoft Security Bulletin MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
  Source: CCN Type: Microsoft Security Bulletin MS11-075 Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
  Source: BID Type: UNKNOWN 27661
  Source: CCN Type: BID-27661 Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
  Source: SECTRACK Type: UNKNOWN 1019373
  Source: CERT Type: US Government Resource TA08-043C
  Source: VUPEN Type: UNKNOWN ADV-2008-0510
  Source: MS Type: UNKNOWN MS08-008
  Source: CCN Type: IBM Internet Security Systems X-Force Database OLE stream buffer overflow
  Source: XF Type: UNKNOWN win-ole-script-request-bo(40043)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5388
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable