CVE-2007-0024

EXPLOITED

Internet Explorer - Remote Code Execution via VML Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-0024 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including pang0, LifeAsaGeek.

AI-analyzed exploit summary This exploit targets CVE-2007-0024, an integer overflow vulnerability in Microsoft's VML (Vector Markup Language) implementation. It uses a heap spray technique to achieve remote code execution via a maliciously crafted HTML file.

Description

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by pang0 · perlremotewindows
https://www.exploit-db.com/exploits/3148

This exploit targets CVE-2007-0024, an integer overflow vulnerability in Microsoft's VML (Vector Markup Language) implementation. It uses a heap spray technique to achieve remote code execution via a maliciously crafted HTML file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer (VML implementation)
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by LifeAsaGeek · htmlremotewindows
https://www.exploit-db.com/exploits/3137

This exploit targets CVE-2007-0024, an integer overflow in the VML (Vector Markup Language) implementation in Microsoft Internet Explorer. It uses a heap spray technique to achieve remote code execution by triggering the CVMLRecolorinfo::InternalLoad() method.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Microsoft Internet Explorer 6.0 on Windows XP SP2
No auth needed
Prerequisites: Unpatched Windows XP SP2 with Internet Explorer 6.0 · User interaction to visit malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21930
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/122084
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23677
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017489
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31287
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/31250
Patch vendor-advisory x_refsource_mskb
http://support.microsoft.com/?kbid=929969
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0129
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/457274/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1058
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457053/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0105
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457164/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462

Scores

EPSS 0.3992
EPSS Percentile 97.4%

Details

VulnCheck KEV 2007-01-09
Status published
Products (3)
microsoft/ie 6.0 sp1
microsoft/internet_explorer 5.01 sp4
microsoft/internet_explorer 7.0
Published Jan 09, 2007
Tracked Since Feb 18, 2026