Summary
Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application.
Solution
Run Windows Update or apply patches available on the following web site:
http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
References
Severity
Classification
-
CVE CVE-2007-0024 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
- Flaw in Microsoft VM Could Allow Code Execution (810030)
- Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Microsoft DirectShow Remote Code Execution Vulnerability (977935)