New Search

OLE Automation Memory Corruption Vulnerability

oval:org.mitre.oval:def:1248

Object linking and embedding (OLE) Automation as used in Microsoft Windows 2000 SP4 XP SP2 Server 2003 SP1 and SP2 Office 2004 for Mac and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object which causes an integer overflow that leads to a buffer overflow.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2007-2224
Product(s):
  • Microsoft Visual Basic 6.0