cbcvebase.
CVE-2007-0025
published 2007-02-13

CVE-2007-0025: The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote…

PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
36.51%
98.3th percentile
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

Affected

6 ranges
VendorProductVersion rangeFixed in
microsoftvisual_studio_net
microsoftvisual_studio_net
microsoftvisual_studio_net
microsoftwindows_2003_server
microsoftwindows_2003_server
microsoftwindows_2003_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.