Vulnerabilities > CVE-2007-0024 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 8 | |
| Application | 3 |
Exploit-Db
description MS Internet Explorer VML Download and Execute Exploit (MS07-004). CVE-2007-0024. Remote exploit for windows platform id EDB-ID:3148 last seen 2016-01-31 modified 2007-01-17 published 2007-01-17 reporter pang0 source https://www.exploit-db.com/download/3148/ title Microsoft Internet Explorer - VML Download and Execute Exploit MS07-004 description MS Internet Explorer VML Remote Buffer Overflow Exploit (MS07-004). CVE-2007-0024. Remote exploit for windows platform id EDB-ID:3137 last seen 2016-01-31 modified 2007-01-16 published 2007-01-16 reporter LifeAsaGeek source https://www.exploit-db.com/download/3137/ title Microsoft Internet Explorer - VML Remote Buffer Overflow Exploit MS07-004
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS07-004.NASL |
| description | The remote host is running a version of Internet Explorer or Outlook Express that is vulnerable to a bug in the Vector Markup Language (VML) handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting a rogue website. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24000 |
| published | 2007-01-09 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/24000 |
| title | MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
Oval
| accepted | 2008-05-05T04:00:07.621-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description | Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:1058 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2007-01-09T06:00:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title | Vulnerability in Vector Markup Language (VML) Could Allow Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version | 23 |
Saint
| bid | 21930 |
| description | Internet Explorer VML integer overflow |
| id | win_patch_ie_vmljan07 |
| osvdb | 31250 |
| title | ie_vml_int_overflow |
| type | client |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462
- http://support.microsoft.com/?kbid=929969
- http://www.kb.cert.org/vuls/id/122084
- http://www.securityfocus.com/bid/21930
- http://www.osvdb.org/31250
- http://securitytracker.com/id?1017489
- http://secunia.com/advisories/23677
- http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
- http://www.us-cert.gov/cas/techalerts/TA07-009A.html
- http://www.vupen.com/english/advisories/2007/0129
- http://www.vupen.com/english/advisories/2007/0105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31287
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004
- http://www.securityfocus.com/archive/1/457274/100/0/threaded
- http://www.securityfocus.com/archive/1/457164/100/0/threaded
- http://www.securityfocus.com/archive/1/457053/100/0/threaded