CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-2223

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile37.52th
Published2007年8月14日
Last Modified2026年4月23日

Vulnerability Description

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

Affected Platforms (CPE)

📦
Microsoft

Xml Core Services

= 3.0
📦
Microsoft

Xml Core Services

= 4.0
📦
Microsoft

Xml Core Services

= 6.0
📦
Microsoft

Xml Core Services

= 5.0

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576
🔗 http://secunia.com/advisories/26447
🔗 http://www.kb.cert.org/vuls/id/361968
🔗 http://www.securityfocus.com/archive/1/476527/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/476747/100/0/threaded
🔗 http://www.securityfocus.com/bid/25301
🔗 http://www.securitytracker.com/id?1018559
🔗 http://www.vupen.com/english/advisories/2007/2866

相关漏洞威胁

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2014-41189.3

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...