Vulnerability Database

314,343

Total vulnerabilities in the database

CVE-2007-0025

The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

Published: Feb 13, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-0025
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
microsoft / visual_studio_.net	2003-gold	2003-gold.x
microsoft / visual_studio_.net	2000-sp1	2000-sp1.x
microsoft / visual_studio_.net	2000	2000.x
microsoft / windows_2003_server	2003-sp2	2003-sp2.x
microsoft / windows_2003_server	xp_sp2	xp_sp2.x
microsoft / windows_2003_server	2000-sp4	2000-sp4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo