CVE-2007-0043

Current Description

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

Basic Data

PublishedJuly 10, 2007
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSMicrosoftWindows 2000-*******
      2.3OSMicrosoftWindows 2003 Server-*******
      2.3OSMicrosoftWindows Vista-*******
      2.3OSMicrosoftWindows Xp-*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationMicrosoft.net Framework1.0*******
      2.3ApplicationMicrosoft.net Framework1.1*******
      2.3ApplicationMicrosoft.net Framework2.0*******

Vulnerable Software List

VendorProductVersions
Microsoft .net Framework 1.0, 1.1, 2.0

References

NameSourceURLTags
SSRT071446http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.htmlHP
35956http://osvdb.org/35956OSVDB
26003http://secunia.com/advisories/26003SECUNIAVendor Advisory
24811http://www.securityfocus.com/bid/24811BID
1018356http://www.securitytracker.com/id?1018356SECTRACK
TA07-191Ahttp://www.us-cert.gov/cas/techalerts/TA07-191A.htmlCERTUS Government Resource
ADV-2007-2482http://www.vupen.com/english/advisories/2007/2482VUPENVendor Advisory
MS07-040https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040MS
ms-dotnet-jit-bo(34639)https://exchange.xforce.ibmcloud.com/vulnerabilities/34639XF
oval:org.mitre.oval:def:1873https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873OVAL