CVE-2007-0842 — Microsoft Visual C vulnerability

CWE-3993 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

10.5%

top 6.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual C

Timeline

PublishedFeb 13

Latest updateMay 1

Description

The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this i…

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/visual_c2005

Patches

Patch: msdn2.microsoft.com ↗Patch: msdn2.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3qg5-3wgr-h9mq: The 64-bit versions of Microsoft Visual C++ 8↗2022-05-01

▶

CVEList

CVE-2007-0842: The 64-bit versions of Microsoft Visual C++ 8↗2007-02-13

▶