Heap-based Buffer Overflow in Microsoft Windows and Office Products
CVE-2007-0065

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Visual Basic
Vendor: CVE Published:; 12 February 2008

Summary

A vulnerability exists in the Object Linking and Embedding (OLE) Automation feature of Microsoft Windows and associated Office products, which is exploitable through specially crafted script requests. Successful exploitation allows remote attackers to execute arbitrary code on affected systems, potentially compromising system integrity and user data. Systems running affected versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Office 2004 for Mac, and Visual Basic 6.0 are at risk.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/28902

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/0510/references

vdb-entryx_refsource_VUPEN

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 12, 2008
Vulnerability Reserved
Jan 4, 2007