Vulnerability Details : CVE-2007-0612
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2007-0612
- cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:5.0_ta3:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0612
65.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
References for CVE-2007-0612
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/31867
-
http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html
-
http://securityreason.com/securityalert/2199
-
http://www.securityfocus.com/bid/22288
Exploit
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html
-
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html
-
http://www.securityfocus.com/archive/1/458443/100/0/threaded
Jump to