zdi / Anonymous / ZDI-07-048
History: Aug 14, 2007 - 12:00 a.m.

Microsoft Internet Explorer substringData Heap Overflow Vulnerability

2007-08-14 00:00:00
Anonymous
www.zerodayinitiative.com
8

EPSS: 0.919 (High)
Percentile: 98.9%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs, causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated, which can result in the execution of arbitrary code.
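
The bug class described above, as an added C example (not Microsoft's or ZDI's code; the advisory does not publish the affected arithmetic). It contrasts an allocation size computed in wrapping 32-bit arithmetic with a substring routine that validates `offset` and clamps `count` per the DOM `substringData(offset, count)` semantics before any size math. All function names, the `dom_char` type and the 32-bit size computation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: text is stored as 16-bit code units, as DOM strings are. */
typedef uint16_t dom_char;

/* Unchecked pattern (hypothetical): byte size computed in 32-bit
 * arithmetic. (count + 1) * 2 wraps for large count, so the buffer
 * can be far smaller than the data a later copy would write. */
uint32_t alloc_bytes_unchecked(uint32_t count) {
    return (count + 1u) * (uint32_t)sizeof(dom_char);
}

/* Checked form following DOM substringData(offset, count) semantics:
 * an offset past the end is an error; count is clamped to what remains.
 * Returns 0 and a NUL-terminated copy in *out, or -1 on error. */
int substring_data_checked(const dom_char *data, uint32_t length,
                           uint32_t offset, uint32_t count,
                           dom_char **out, uint32_t *out_len) {
    if (!data || !out || !out_len || offset > length)
        return -1;                         /* INDEX_SIZE_ERR in the DOM */
    uint32_t remaining = length - offset;  /* safe: offset <= length */
    if (count > remaining)
        count = remaining;                 /* clamp before any size math */

    /* Widen to size_t and still guard the multiplication explicitly. */
    size_t units = (size_t)count + 1;
    if (units > SIZE_MAX / sizeof(dom_char))
        return -1;

    dom_char *buf = malloc(units * sizeof(dom_char));
    if (!buf)
        return -1;
    memcpy(buf, data + offset, (size_t)count * sizeof(dom_char));
    buf[count] = 0;
    *out = buf;
    *out_len = count;
    return 0;
}
```

The caller owns the returned buffer and must `free()` it.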