CVE-2007-1201

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

45.7%

top 2.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Biztalk Server Microsoft Commerce Server Microsoft Internet Security AND Acceleration Server +2 more

Timeline

PublishedMar 11

Latest updateMay 1

Description

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶NVDmicrosoft/office2000, xp+1

▶NVDmicrosoft/biztalk_server2000, 2002+1

▶NVDmicrosoft/commerce_server2000

▶NVDmicrosoft/visual_studio_.net2002, 2003+1

▶NVDmicrosoft/internet_security_and_acceleration_server2000

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3ff-8mr5-c9jj: Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary co↗2022-05-01

▶

CVEList

CVE-2007-1201: Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary co↗2008-03-11

▶