CVE-2007-1512

CVE-2007-1512 is a critical-severity vulnerability in Microsoft Visual Studio .net with a CVSS 2.0 base score of 10.0. Its EPSS exploit-prediction score of 11% places it in the 95th percentile, indicating an elevated likelihood of exploitation.

Key facts

Description

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.

Frequently asked questions

What is CVE-2007-1512?
Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
How severe is CVE-2007-1512?
CVE-2007-1512 has a CVSS 2.0 base score of 10.0, rated critical severity.
Is CVE-2007-1512 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 11% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2007-1512?
CVE-2007-1512 primarily affects Microsoft Visual Studio .net. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2007-1512?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2007-1512 published?
CVE-2007-1512 was published on 2007-03-20 and last updated on 2026-06-16.

References

Affected products (4)

More vulnerabilities in Microsoft Visual Studio .net

All CVEs affecting Microsoft Visual Studio .net →