← voltar
CVE-2007-0612

CVE-2007-0612

EPSS 42.9%
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/29536não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.htmlhttp://osvdb.org/32628http://securityreason.com/securityalert/2199https://exchange.xforce.ibmcloud.com/vulnerabilities/31867http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.htmlhttp://www.securityfocus.com/archive/1/458443/100/0/threadedhttp://www.securityfocus.com/bid/22288