CVE-2007-1512 (CNNVD-200703-448)
中文标题:
Microsoft Windows 多个产品 MFC组件 栈缓冲区溢出漏洞
英文标题:
Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Wind...
漏洞描述
中文描述:
Microsoft Windows 2000 SP4, XP SP2和Server 2003 Gold 和SP1,Visual Studio .NET 2002 Gold和SP1以及2003 Gold和SP1的MFC组件中的AfxOleSetEditMenu函数存在栈缓冲区溢出漏洞。用户协助式远程攻击者可以借助一个包含有畸形的OLE对象的RTF文件,造成未知影响(可能是崩溃)。又称"MFC42u.dll Off-by-Two溢出"。
英文描述:
Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| microsoft | visual_studio_.net | 2002 | - | - |
cpe:2.3:a:microsoft:visual_studio_.net:2002:gold:*:*:*:*:*:*
|
| microsoft | visual_studio_.net | 2003 | - | - |
cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
AV:N/AC:L/Au:N/C:C/I:C/A:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2007-1512 |
2025-11-11 15:17:51 | 2025-11-11 07:32:42 |
| NVD | nvd_CVE-2007-1512 |
2025-11-11 14:52:09 | 2025-11-11 07:41:28 |
| CNNVD | cnnvd_CNNVD-200703-448 |
2025-11-11 15:08:56 | 2025-11-11 07:49:15 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200703-448
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 10.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']