Denial of Service Vulnerability in Microsoft Visual C++ 8.0 Standard Library
CVE-2007-0842

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Studio; Visual C\+\+
Vendor: CVE Published:; 13 February 2007

What is CVE-2007-0842?

The Microsoft Visual C++ 8.0 standard library has a vulnerability in its time functions that can lead to a denial of service. Specifically, when processing time arguments beyond Jan 1, 3000, functions such as localtime, gmtime, and ctime trigger assertion errors instead of returning NULL or EINVAL. This outputs an unexpected behavior that can cause applications to exit unexpectedly. It highlights the importance of proper input validation by applications using these functions, as this flaw could be exploited by attackers with context-specific conditions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32454

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/459847/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityreason.com/securityalert/2237

third-party-advisoryx_refsource_SREASON

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2007
Vulnerability Reserved
Feb 7, 2007