CVE-2007-6255 : Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrar

Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.

Published 2008-04-23 13:05:00

Updated 2018-10-12 21:44:32

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2007-6255

Probability of exploitation activity in the next 30 days: 28.89%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-6255

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-6255

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-6255

https://exchange.xforce.ibmcloud.com/vulnerabilities/41940

Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/28882

Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069

CVEs referencing this url
http://www.kb.cert.org/vuls/id/570089

Third Party Advisory;US Government Resource

Products affected by CVE-2007-6255

Microsoft » Windows 2000 » Version: N/A Update SP4
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 5.01 Update SP4
When used together with: Microsoft » Internet Explorer » Version: 6 Update SP1
Microsoft » Windows Xp » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Xp » Version: N/A Professional Edition For X64
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Xp » Version: N/A Update SP2 Professional Edition For X64
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Xp » Version: N/A Professional Edition For X64
cpe:2.3:o:microsoft:windows_xp:-:*:professional:*:*:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 7
Microsoft » Windows Xp » Version: N/A Update SP2 Professional Edition For X64
cpe:2.3:o:microsoft:windows_xp:-:sp2:professional:*:*:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 7
Microsoft » Windows Server 2003 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Server 2003 » Version: N/A Update SP1 For Itanium
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Server 2003 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Server 2003 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Server 2003 » Version: N/A Update SP2 For Itanium
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Server 2003 » Version: N/A Update SP2 For X64
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 6
Microsoft » Windows Vista » Version: N/A
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 7
Microsoft » Windows Vista » Version: N/A For X64
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 7

Vulnerability Details : CVE-2007-6255

Exploit prediction scoring system (EPSS) score for CVE-2007-6255

CVSS scores for CVE-2007-6255

CWE ids for CVE-2007-6255

References for CVE-2007-6255

Products affected by CVE-2007-6255