Strix
26.1K

CVE-2007-1512

UnknownEPSS 11.33%

Last modified

CVE-2007-1512 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.. EPSS estimates a 11.33% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.

Metrics

EPSS Probability
11.33%

95.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
MicrosoftVisual Studio .Net2002Gold
MicrosoftVisual Studio .Net2003Gold

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-1512?
Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
How severe is CVE-2007-1512?
Severity scoring for CVE-2007-1512 is pending analysis. The EPSS model estimates a 11.33% probability of exploitation in the next 30 days.
How do I fix CVE-2007-1512?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-1512?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST