PT-2008-1402 · Microsoft · Windows 2000+6

Published: 2008-02-12 · Updated: 2018-10-12 · CVE-2007-0065

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions 2000 SP4 through XP SP2
Microsoft Windows Server 2003 versions SP1 through SP2
Microsoft Windows Vista
Microsoft Office 2004 for Mac
Microsoft Visual Basic 6.0 version SP6

Description

A heap-based buffer overflow in Object Linking and Embedding (OLE) Automation allows remote attackers to execute arbitrary code via a crafted script request. This issue could enable an attacker to make changes to the system with the permissions of the logged-on user. If the user has administrative rights, the attacker could take complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights may be less impacted.

Recommendations

For Microsoft Windows 2000 SP4, update to a version that includes the fix for this issue.
For Microsoft Windows XP SP2, apply the necessary patch to resolve the issue.
For Microsoft Windows Server 2003 SP1 and SP2, install the update that addresses this vulnerability.
For Microsoft Windows Vista, apply the relevant security update.
For Microsoft Office 2004 for Mac, install the available patch.
For Microsoft Visual Basic 6.0 SP6, consider disabling the OLE Automation feature until a patch is available.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-0065

Affected Products

Office 2004 For Mac
Visual Basic 6.0
Windows
Windows 2000
Windows Server 2003
Windows Vista
Windows XP