CVE-2007-2224

CWE-119 — Buffer Overflow CWE-1893 documents3 sources

Severity

9.3CRITICAL

EPSS

70.6%

top 1.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Visual Basic

Timeline

PublishedAug 14

Latest updateMay 1

Description

Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/visual_basic6.0

▶NVDmicrosoft/office2004

🔴Vulnerability Details

GHSA

GHSA-5hfx-qqxc-xf62: Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual↗2022-05-01

▶

CVEList

CVE-2007-2224: Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual↗2007-08-14

▶