CVE-2007-0024

EPSS 39.92% · P97 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-0024

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Windows矢量标记语言缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。多个Microsoft产品的矢量标记语言(VML)支持中存在整数溢出，远程攻击者可能利用此漏洞控制用户机器。在vgx.dll中缺少充分的输入验证，两个整数数据做了乘法运算但没有执行整数溢出检查，这可能允许攻击者强制分配比实际需要少的内存。在将用户提供的数据拷贝到新分配的缓冲区时，就会覆盖堆上所储存的函数指针，导致执行任意指令。远程攻击者可能通过诱骗用户访问恶意网页或点击包含恶意内容的邮件来利用此漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-0024

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-0024

请登录查看更多情报信息。

http://support.avaya.com/elmodocs2/security/ASA-2007-009.htmx_refsource_CONFIRM
http://www.securityfocus.com/bid/21930vdb-entryx_refsource_BID
http://secunia.com/advisories/23677third-party-advisoryx_refsource_SECUNIA
http://support.microsoft.com/?kbid=929969vendor-advisoryx_refsource_MSKB
http://securitytracker.com/id?1017489vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-004vendor-advisoryx_refsource_MS
http://www.kb.cert.org/vuls/id/122084third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/archive/1/457274/100/0/threadedvendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2007/0129vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/0105vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/31287vdb-entryx_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/457053/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/457164/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462third-party-advisoryx_refsource_IDEFENSE
https://nvd.nist.gov/vuln/detail/CVE-2007-0024

Same Patch Batch · n/a · 2007-01-09 · 82 CVEs total

CVE-2007-0144		Digitizing Quote和Ordering System 'search.asp' 跨站脚本攻击漏洞
CVE-2007-0154		Webulas 'db.mdb' 信息泄露漏洞
CVE-2007-0141		Yet Another Link Directory 'Yald.PHP' 跨站脚本攻击漏洞
CVE-2007-0142		Shopstorenow E-commerce Shopping Cart 'Orange.ASP' SQL注入漏洞
CVE-2007-0140		Kolayindir Download 'Down.ASP' SQL注入漏洞
CVE-2006-6911		Digitizing Quote和Ordering System 'search.asp'SQL注入漏洞
CVE-2007-0139		OpenVMS ALPHA DECnet/OSI未明攻击漏洞
CVE-2007-0138		PATH_INFO 'formbankcgi.exe'拒绝服务攻击漏洞
CVE-2007-0137		Serene Bach 多个跨站脚本攻击漏洞
CVE-2006-6912		PHPMyFAQ 未明SQL注入漏洞
CVE-2007-0143		NUNE News Script 多个PHP远程文件包含漏洞
CVE-2007-0145		BinGoPHP 'bn_smrep1.php' PHP远程文件包含漏洞
CVE-2007-0146		Fix和Chips CMS多个跨站攻击漏洞
CVE-2007-0147		Cuyahoga FCKEditor 'Web.Config'FCKEditor组件安全绕过漏洞
CVE-2007-0148		OmniWeb Javascript Alert()格式串处理漏洞
CVE-2007-0149		EMembersPro 'users.mdb' 信息泄露漏洞
CVE-2007-0150		Dayfox Blog 'index.php'多个PHP远程文件包含漏洞
CVE-2007-0151		MitiSoft 'MitiSoft.mdb' 安全信息泄露漏洞
CVE-2007-0152		OhhASP 'OhhASP.mdb' 信息泄露漏洞
CVE-2007-0153		AJLogin 'ajlogin.mdb'信息泄露漏洞

Showing top 20 of 82 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-0024

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-0024

I. Basic Information for CVE-2007-0024

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-0024

III. Intelligence Information for CVE-2007-0024

Same Patch Batch · n/a · 2007-01-09 · 82 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2007-0024

Leave a comment