Vulnerability Note VU#457281
Microsoft Windows Win32 API fails to properly validate function parameters
The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Microsoft Windows Win32 API is a set of application programming interfaces that allows applications to interact with the Microsoft Windows operating system. The Win32 API fails to properly validate function parameters.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with elevated privileges. Any application that uses the Win32 API, such as Internet Explorer or Outlook Express, may be vulnerable.
Apply an update
This vulnerability is addressed by Microsoft Security Bulletin MS07-035.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Microsoft Corporation|Affected|-|12 Jun 2007|
This vulnerability was reported by Microsoft, who in turn credits Billy Rios of VeriSign.
This document was written by Will Dormann.
- CVE IDs: CVE-2007-2219
- Date Public: 12 Jun 2007
- Date First Published: 12 Jun 2007
- Date Last Updated: 12 Jun 2007
- Severity Metric: 15.75
- Document Revision: 3