CVE-2007-2223

CVE Database · CVE-2007-2223

CVE-2007-2223

· N/AModified

CVSS v3.1

N/A

EPSS

48.72%

Published

Aug 14, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft XML Core Services 6.0 - SubstringData Integer Overflow TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

Weaknesses (CWE)

CWE-119CWE-190

Affected Products (26)

microsoft · xml_core_servicesvulnerable

microsoft · windows_server_2003

microsoft · windows_vista

microsoft · windows_xp

References (20)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576

Broken Link

http://secunia.com/advisories/26447

Vendor Advisory

http://www.kb.cert.org/vuls/id/361968

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/archive/1/476527/100/0/threaded

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/476747/100/0/threaded

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/25301

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs