CVE-2007-0041Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft NET Framework

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
62.2%
top 1.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft NET Framework
Timeline
PublishedJul 10
Latest updateMay 1

Description

The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/net_framework1.0, 1.1, 2.0+2

🔴Vulnerability Details

2
GHSA
GHSA-4vpm-wjqq-2jc2: The PE Loader service in Microsoft2022-05-01
CVEList
CVE-2007-0041: The PE Loader service in Microsoft2007-07-10
CVE-2007-0041 — Microsoft NET Framework vulnerability | cvebase