CVE Reference: CVE-2007-0024

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-0024

Description:
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/31287

ST
  1017489

SAID
  Secunia Advisory: SA23677

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1058

OSVDB
  31250

MSKB
  http://support.microsoft.com/?kbid=929969

MS
  http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx

IDEFENSE
  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462

HP
  http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm

CERT-VN
  122084

CERT
  http://www.us-cert.gov/cas/techalerts/TA07-009A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/457164/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/457053/100/0/threaded

BID
  21930


Return to the previous page.