Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0217 — Microsoft IE vulnerability

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

75.8%

top 1.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedFeb 13

Latest updateMay 1

Description

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.01, 6.0+1

▶NVDmicrosoft/ie6.0

🔴Vulnerability Details

GHSA

GHSA-55jx-p795-8xr6: The wininet↗2022-05-01

▶

CVEList

CVE-2007-0217: The wininet↗2007-02-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - FTP Server Response Denial of Service (MS07-016)↗2007-03-09

▶