PT-2007-1521 · Microsoft · Mfc42U.Dll+2

Published

2007-02-13

Updated

2018-10-12

CVE-2007-0025

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fix Visual Studio .NET versions prior to the fix

Description The issue allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. This might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

Recommendations For Microsoft Windows, apply the fix to resolve the issue. For Visual Studio .NET, apply the fix to resolve the issue. As a temporary workaround, consider avoiding the use of RTF files with malformed OLE objects until a patch is available.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-0025

Affected Products

Mfc42U.Dll

Visual Studio .Net

Windows

PT-2007-1521 · Microsoft · Mfc42U.Dll+2

CVE-2007-0025

Weakness Enumeration

Related Identifiers

Affected Products

References · 10