BID:25201

Microsoft Windows Calendar ICS File Denial of Service Vulnerability

Info

Microsoft Windows Calendar ICS File Denial of Service Vulnerability

Bugtraq ID:	25201
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4247
Remote:	Yes
Local:	No
Published:	Aug 04 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Michal Bucko is credited with discovering this vulnerability.
Vulnerable:	Microsoft Windows Calendar 0 - Microsoft Windows Vista Ultimate - Microsoft Windows Vista Home Premium - Microsoft Windows Vista Home Basic - Microsoft Windows Vista Enterprise - Microsoft Windows Vista Business - Microsoft Windows Vista beta 2 - Microsoft Windows Vista Beta 1 - Microsoft Windows Vista Beta - Microsoft Windows Vista 0 - Microsoft Windows Vista December CTP - Microsoft Windows Vista x64 Edition 0

Not Vulnerable:

Discussion

Microsoft Windows Calendar ICS File Denial of Service Vulnerability

Microsoft Windows Calendar as shipped with Windows Vista is prone to a denial-of-service vulnerability.

An attacker may exploit this vulnerability to cause the affected application to crash, resulting in denial-of-service conditions.

Exploit / POC

Microsoft Windows Calendar ICS File Denial of Service Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Microsoft Windows Calendar ICS File Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Microsoft Windows Calendar ICS File Denial of Service Vulnerability

References:

Windows Vista Homepage (Microsoft)
[ELEYTT] 4SIERPIEN2007 (Michal Bucko)