CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2223

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile37.52th
PublishedAug 14, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Xml Core Services

= 3.0
πŸ“¦
Microsoft

Xml Core Services

= 4.0
πŸ“¦
Microsoft

Xml Core Services

= 6.0
πŸ“¦
Microsoft

Xml Core Services

= 5.0

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576
πŸ”— http://secunia.com/advisories/26447
πŸ”— http://www.kb.cert.org/vuls/id/361968
πŸ”— http://www.securityfocus.com/archive/1/476527/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/476747/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25301
πŸ”— http://www.securitytracker.com/id?1018559
πŸ”— http://www.vupen.com/english/advisories/2007/2866

Related Vulnerabilities

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...