CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2224

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile44.85th
PublishedAug 14, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office

= 2004
πŸ“¦
Microsoft

Visual Basic

= 6.0

References & Advisories

πŸ”— http://secunia.com/advisories/26449
πŸ”— http://www.securityfocus.com/archive/1/476527/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25282
πŸ”— http://www.securitytracker.com/id?1018560
πŸ”— http://www.us-cert.gov/cas/techalerts/TA07-226A.html
πŸ”— http://www.vupen.com/english/advisories/2007/2867
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-043
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1248

Related Vulnerabilities

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...