Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0024: Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

6 documents, 5 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 39.9% (top 2.66%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 9; latest update May 1

Description

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: microsoft/ie6.0

Patches

🔴 Vulnerability Details (3)

GHSA (2022-05-01)
GHSA-2p55-j483-368p: Integer overflow in the Vector Markup Language (VML) implementation (vgx
CVEList (2007-01-09)
CVE-2007-0024: Integer overflow in the Vector Markup Language (VML) implementation (vgx
VulnCheck (2007)
Microsoft Windows Integer Overflow or Wraparound

💥 Exploits & PoCs (2)

Exploit-DB (2007-01-17)
Microsoft Internet Explorer - VML Download and Execute (MS07-004)
Exploit-DB (2007-01-16)
Microsoft Internet Explorer - VML Remote Buffer Overflow (MS07-004)