CVE-2007-0043 - Vulnerability Details - OpenCVE

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	.net Framework Windows 2000 Windows 2003 Server Windows Vista Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000:-:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:-:::::::*
	cpe:2.3:o:microsoft:windows_vista:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:::::::*

OR	cpe:2.3:a:microsoft:.net_framework:1.0:::::::*
	cpe:2.3:a:microsoft:.net_framework:1.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:2.0:::::::*

No data.

References

Link	Providers
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://osvdb.org/35956
http://secunia.com/advisories/26003
http://www.securityfocus.com/bid/24811
http://www.securitytracker.com/id?1018356
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
http://www.vupen.com/english/advisories/2007/2482
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
https://exchange.xforce.ibmcloud.com/vulnerabilities/34639
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-07-10T22:00:00

Updated: 2024-08-07T12:03:36.982Z

Reserved: 2007-01-03T00:00:00

Link: CVE-2007-0043

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-07-10T22:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0043

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an \"unchecked buffer,\" probably a buffer overflow, aka \".NET JIT Compiler Vulnerability\"."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "SSRT071446", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "MS07-040", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"name": "ADV-2007-2482", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"name": "35956", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35956"}, {"name": "26003", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26003"}, {"name": "oval:org.mitre.oval:def:1873", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873"}, {"name": "ms-dotnet-jit-bo(34639)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34639"}, {"name": "TA07-191A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "1018356", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018356"}, {"name": "24811", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24811"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an \"unchecked buffer,\" probably a buffer overflow, aka \".NET JIT Compiler Vulnerability\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSRT071446", "refsource": "HP", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "MS07-040", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"name": "ADV-2007-2482", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"name": "35956", "refsource": "OSVDB", "url": "http://osvdb.org/35956"}, {"name": "26003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26003"}, {"name": "oval:org.mitre.oval:def:1873", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873"}, {"name": "ms-dotnet-jit-bo(34639)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34639"}, {"name": "TA07-191A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "1018356", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018356"}, {"name": "24811", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24811"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:36.982Z"}, "title": "CVE Program Container", "references": [{"name": "SSRT071446", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "MS07-040", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"name": "ADV-2007-2482", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"name": "35956", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35956"}, {"name": "26003", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26003"}, {"name": "oval:org.mitre.oval:def:1873", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873"}, {"name": "ms-dotnet-jit-bo(34639)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34639"}, {"name": "TA07-191A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "1018356", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018356"}, {"name": "24811", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24811"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0043", "datePublished": "2007-07-10T22:00:00", "dateReserved": "2007-01-03T00:00:00", "dateUpdated": "2024-08-07T12:03:36.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAA86830-BEA8-4943-83EA-C267FA534223", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "766661C0-6A35-4F62-8325-3840A75CF3B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A927C9E-5CCC-4FC1-AE63-24B96A5FC51A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A419F50E-F32C-461C-95D0-978C5351FBAA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an \"unchecked buffer,\" probably a buffer overflow, aka \".NET JIT Compiler Vulnerability\"."}, {"lang": "es", "value": "El servicio Just In Time (JIT) Compiler en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de vectores no espec\u00edficos que involucran un \"unchecked buffer,\" probablemente un desbordamiento de b\u00fafer, tambi\u00e9n se conoce como \".NET JIT Compiler Vulnerability \"."}], "id": "CVE-2007-0043", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-10T22:30:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"source": "secure@microsoft.com", "url": "http://osvdb.org/35956"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26003"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/24811"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018356"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34639"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24811"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1873"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}