New Search

MFC Memory Corruption Vulnerability

oval:org.mitre.oval:def:157

The MFC component in Microsoft Windows 2000 SP4 XP SP2 and 2003 SP1 and Visual Studio .NET 2000 2002 SP1 2003 and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2007-0025
Product(s):