CVE-2007-0043

2007-07-1022:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-0043

jit compiler

microsoft .net framework

buffer overflow

remote code execution

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.675 Medium

EPSS

Percentile

98.0%

JSON

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an “unchecked buffer,” probably a buffer overflow, aka “.NET JIT Compiler Vulnerability”.

Affected configurations

NVD

Node

microsoftwindows_2000Match-

microsoftwindows_2003_serverMatch-

microsoftwindows_vistaMatch-

microsoftwindows_xpMatch-

AND

microsoft.net_frameworkMatch1.0

microsoft.net_frameworkMatch1.1

microsoft.net_frameworkMatch2.0

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq1.0
microsoft:.net_frameworkmicrosoft .net frameworkeq1.1
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	1.0
microsoft:.net_framework	microsoft .net framework	eq	1.1
microsoft:.net_framework	microsoft .net framework	eq	2.0