Vulnerability in N/a
CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
EPSS: 0.685 (98.6th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- VU#361968 (x_refsource_CERT-VN, third-party-advisory)
- 1018559 (vdb-entry, x_refsource_SECTRACK)
- 20070816 MS07-042 XMLDOM substringData() PoC (mailing-list, x_refsource_BUGTRAQ)
- 20070814 Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
- ADV-2007-2866 (vdb-entry, x_refsource_VUPEN)
- 20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 25301 (vdb-entry, x_refsource_BID)
- MS07-042 (x_refsource_MS, vendor-advisory)
- 26447 (x_refsource_SECUNIA, third-party-advisory)
- www.zerodayinitiative.com/advisories/ZDI-07-048/ (x_refsource_MISC)