Remote Code Execution Vulnerability in Microsoft XML Core Services
CVE-2007-2223

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 14 August 2007

Summary

Microsoft XML Core Services (MSXML) versions 3.0 through 6.0 contain a vulnerability that could enable remote attackers to execute arbitrary code. This flaw occurs through the substringData method used on a TextNode or XMLDOM object, leading to an integer overflow which can be exploited to perform a buffer overflow. Proper validation of input is crucial to mitigate such risks.

References

http://www.kb.cert.org/vuls/id/361968

third-party-advisoryx_refsource_CERT-VN

http://www.securitytracker.com/id?1018559

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/476747/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 14, 2007
Vulnerability Reserved
Apr 24, 2007