Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1749Integer Underflow (Wrap or Wraparound) in Microsoft Internet Explorer

3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
78.5%
top 0.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 14
Latest updateMay 1

Description

Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

1
GHSA
GHSA-q69v-fxm4-rmj3: Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX2022-05-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - Vector Markup Language 'VGX.dll' Remote Buffer Overflow2007-08-14
CVE-2007-1749 — Integer Underflow (Wrap or Wraparound) | cvebase