|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-10-21 | |
| Rule Name: | Internet Explorer VML Object Buffer Overflow Vulnerability (CVE-2007-0024) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Windows | |
| Reference: | http://support.microsoft.com/?kbid=929969 SecurityFocusBID:21930 MicrosoftSecurityBulletin:ms07-004 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx |