CVE-2007-0842

Name: CVE-2007-0842
Creator: NVD / NIST
Published: 2007-02-13T11:28:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.60%

Last modified Jun 16, 2026

CVE-2007-0842 is a vulnerability of currently unknown severity. The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. EPSS estimates a 5.60% chance of exploitation in the next 30 days.

Description

The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.

Metrics

EPSS Probability

5.60%

91.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Microsoft	Visual C\+\+	2005

References

http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspxPatch, Vendor Advisory
http://osvdb.org/33626Broken Link
http://securityreason.com/securityalert/2237Exploit
http://www.securityfocus.com/archive/1/459847/100/0/threadedThird Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/32454VDB Entry
http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspxPatch, Vendor Advisory
http://osvdb.org/33626Broken Link
http://securityreason.com/securityalert/2237Exploit
http://www.securityfocus.com/archive/1/459847/100/0/threadedThird Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/32454VDB Entry

Timeline

Published: Feb 13, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-0842?

How severe is CVE-2007-0842?

Severity scoring for CVE-2007-0842 is pending analysis. The EPSS model estimates a 5.60% probability of exploitation in the next 30 days.

How do I fix CVE-2007-0842?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-0842?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST