CVE-2007-0842
First published: Tue Feb 13 2007(Updated: )
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Visual C++ | =2005 | |
| Microsoft Visual Studio | =2005 | |
| Microsoft Visual C++ | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securityreason.com/securityalert/2237
- http://osvdb.org/33626
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32454
- http://msdn2.microsoft.com/en-us/library/a442x3ye(VS.80).aspx
- http://www.securityfocus.com/archive/1/459847/100/0/threaded
- http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspx
Frequently Asked Questions
What is the severity of CVE-2007-0842?
CVE-2007-0842 is classified as a vulnerability that can lead to assertion errors in specific time functions of the Microsoft Visual C++ 8.0 standard library.
How do I fix CVE-2007-0842?
To fix CVE-2007-0842, update to a patched version of Microsoft Visual C++ or Visual Studio that addresses this vulnerability.
Which versions of Microsoft Visual C++ are affected by CVE-2007-0842?
CVE-2007-0842 affects the 64-bit versions of Microsoft Visual C++ 8.0 and Microsoft Visual Studio 2005.
What functions are involved in CVE-2007-0842?
CVE-2007-0842 involves the localtime, localtime_s, gmtime, gmtime_s, ctime, ctime_s, wctime, wctime_s, and fstat functions.
What happens when the affected functions are called in CVE-2007-0842?
When the affected functions are called, CVE-2007-0842 triggers an assertion error instead of returning a NULL pointer or EINVAL.
- agent/type
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft visual c++
- version/microsoft visual c++/2005
- canonical/microsoft visual studio
- version/microsoft visual studio/2005
- version/microsoft visual c++/8.0