Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-0024

Published: 09/01/2007 Updated: 23/07/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Windows 2000

Vulnerability Summary

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote malicious users to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet_explorer 5.01

microsoft ie 6.0

microsoft internet_explorer 7.0

Exploits

Exploit DB: Microsoft Internet Explorer - VML Download and Execute (MS07-004)
#(c) pang0 // wwwtcbilisimorg #bug found3d by LifeAsaGeek #thx => og / chaos / sakkure / stansar / xoron #MS07-004 VML integer overflow exploit $html = "lazhtml"; print "(c) pang0 // wwwtcbilisimorg\nbug found3d by LifeAsaGeek\nMS07-004 VML integer overflow exploit\nusage: perl $0 <shell> <opt>\n", "shell => -b bind(31337)\ ...
Exploit DB: Microsoft Internet Explorer - VML Remote Buffer Overflow (MS07-004)
<!-- MS07-004 VML integer overflow exploit by lifeasageek at gmailcom - Trigger CVMLRecolorinfo::InternalLoad() method you can see the screen captured image "picasawebgooglecom/lifeasageek/MS07004/photo?pli=1#5019163989136880322" which is generated by DarunGrim - tested on WinXP SP2 Korean version( fully patched except kb929969) ...

References

NVD-CWE-Otherhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462http://support.microsoft.com/?kbid=929969http://www.kb.cert.org/vuls/id/122084http://www.securityfocus.com/bid/21930http://www.osvdb.org/31250http://securitytracker.com/id?1017489http://secunia.com/advisories/23677http://support.avaya.com/elmodocs2/security/ASA-2007-009.htmhttp://www.us-cert.gov/cas/techalerts/TA07-009A.htmlhttp://www.vupen.com/english/advisories/2007/0129http://www.vupen.com/english/advisories/2007/0105https://exchange.xforce.ibmcloud.com/vulnerabilities/31287https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004http://www.securityfocus.com/archive/1/457274/100/0/threadedhttp://www.securityfocus.com/archive/1/457164/100/0/threadedhttp://www.securityfocus.com/archive/1/457053/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/3148/https://www.kb.cert.org/vuls/id/122084
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook