CVE-2007-0025: Code Injection
First published: Tue Feb 13 2007(Updated: )
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Visual Studio | =2003-gold | |
| Microsoft Visual Studio | =2000-sp1 | |
| Microsoft Visual Studio | =2000 | |
| Microsoft Windows Server 2003 | =2003-sp2 | |
| Microsoft Windows Server 2003 | =xp_sp2 | |
| Microsoft Windows Server 2003 | =2000-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/932041
- http://www.securityfocus.com/bid/22476
- http://www.osvdb.org/31887
- http://www.securitytracker.com/id?1017638
- http://secunia.com/advisories/24150
- http://www.us-cert.gov/cas/techalerts/TA07-044A.html
- http://www.vupen.com/english/advisories/2007/0581
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A157
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-012
Frequently Asked Questions
What is the severity of CVE-2007-0025?
CVE-2007-0025 is considered to have a high severity due to its potential to allow arbitrary code execution.
How do I fix CVE-2007-0025?
To fix CVE-2007-0025, ensure that your software is updated to the latest versions and apply relevant Microsoft security patches.
Which versions of software are affected by CVE-2007-0025?
CVE-2007-0025 affects Microsoft Windows 2000 SP4, XP SP2, 2003 SP1, and various versions of Visual Studio .NET.
What type of attack does CVE-2007-0025 enable?
CVE-2007-0025 enables user-assisted remote attackers to execute arbitrary code via a crafted RTF file.
How can I protect my systems from CVE-2007-0025?
To protect against CVE-2007-0025, avoid opening untrusted RTF files and keep your software updated with the latest security updates.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft visual studio
- version/microsoft visual studio/2003-gold
- version/microsoft visual studio/2000-sp1
- version/microsoft visual studio/2000
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/2003-sp2
- version/microsoft windows server 2003/xp_sp2
- version/microsoft windows server 2003/2000-sp4