| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS07-035 | Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) | Microsoft Windows | Critical | 13-06-2007 |

Technical Information

Brief overview of the risk:
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system because the Win32 API improperly validates parameters passed in a function call. An attacker could exploit this vulnerability by creating a specially crafted Web page and persuading the victim to visit the page.
Detailed Information on the risk:
An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. This can also include Web sites that accept user-provided content or advertisements, Web sites that host user-provided content or advertisements, and compromised Web sites. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site.

Further information on this vulnerability is available at: MS07-035

Affected Software

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2