CVE-2007-0217

Published: Feb 13, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

Affected (3)

Products: Microsoft: Internet Explorer, Ie

2 products

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5.01 sp4

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1

Running on/with	Platform Versions
Microsoft Windows 2000	All versions

Configuration C

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6.0

Running on/with	Platform Versions
Microsoft Windows 2003 Server	Version gold
Microsoft Windows 2003 Server	Version gold
Microsoft Windows 2003 Server	Version gold
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (22)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473

Source: secure@microsoft.com

http://secunia.com/advisories/24156

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/613564

Source: secure@microsoft.com

US Government Resource

http://www.osvdb.org/31892

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/462303/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/22489

Source: secure@microsoft.com

http://www.securitytracker.com/id?1017642

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-044A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2007/0584

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141

Source: secure@microsoft.com

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24156

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/613564

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.osvdb.org/31892

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/462303/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22489

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1017642

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-044A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/0584

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.