{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"}, {"name": "31892", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/31892"}, {"name": "22489", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22489"}, {"name": "VU#613564", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/613564"}, {"name": "TA07-044A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"}, {"name": "1017642", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017642"}, {"name": "ADV-2007-0584", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0584"}, {"name": "24156", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24156"}, {"name": "MS07-016", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"}, {"name": "20070309 MS07-016 FTP Response DOS PoC", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1141", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"}, {"name": "31892", "refsource": "OSVDB", "url": "http://www.osvdb.org/31892"}, {"name": "22489", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22489"}, {"name": "VU#613564", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/613564"}, {"name": "TA07-044A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"}, {"name": "1017642", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017642"}, {"name": "ADV-2007-0584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0584"}, {"name": "24156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24156"}, {"name": "MS07-016", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"}, {"name": "20070309 MS07-016 FTP Response DOS PoC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1141", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0217", "datePublished": "2007-02-13T22:00:00", "dateReserved": "2007-01-12T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*", "matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*", "matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption."}, {"lang": "es", "value": "El c\u00f3digo del cliente FTP wininet.dll en Microsoft Internet Explorer 5.01 y 6 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta FTP del servidor de una longitud espec\u00edfica que provoca que el byte nulo de terminaci\u00f3n sea escrito fuera del b\u00fafer, lo cual provoca la corrupci\u00f3n de la pila."}], "id": "CVE-2007-0217", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-13T22:28:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473"}, {"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24156"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/613564"}, {"source": "secure@microsoft.com", "url": "http://www.osvdb.org/31892"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/22489"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017642"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0584"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}