CVE-2007-1202

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-1202
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 Patch
http://www.kb.cert.org/vuls/id/555489 US Government Resource
http://www.osvdb.org/34388
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23836 Patch
http://www.securitytracker.com/id?1018013 Patch
http://www.us-cert.gov/cas/techalerts/TA07-128A.html US Government Resource
http://www.vupen.com/english/advisories/2007/1709 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 Patch
http://www.kb.cert.org/vuls/id/555489 US Government Resource
http://www.osvdb.org/34388
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23836 Patch
http://www.securitytracker.com/id?1018013 Patch
http://www.us-cert.gov/cas/techalerts/TA07-128A.html US Government Resource
http://www.vupen.com/english/advisories/2007/1709 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*
History

21 Nov 2024, 00:27

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 - Patch () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525 - Patch
References () http://www.kb.cert.org/vuls/id/555489 - US Government Resource () http://www.kb.cert.org/vuls/id/555489 - US Government Resource
References () http://www.osvdb.org/34388 - () http://www.osvdb.org/34388 -
References () http://www.securityfocus.com/archive/1/468871/100/200/threaded - () http://www.securityfocus.com/archive/1/468871/100/200/threaded -
References () http://www.securityfocus.com/bid/23836 - Patch () http://www.securityfocus.com/bid/23836 - Patch
References () http://www.securitytracker.com/id?1018013 - Patch () http://www.securitytracker.com/id?1018013 - Patch
References () http://www.us-cert.gov/cas/techalerts/TA07-128A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-128A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2007/1709 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/1709 - Vendor Advisory
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900 -
Information

Published : 2007-05-08 23:19

Updated : 2024-11-21 00:27

NVD link : CVE-2007-1202

Mitre link : CVE-2007-1202

CVE.ORG link : CVE-2007-1202

JSON object : View

Products Affected

microsoft

  • works
  • word_viewer
  • word
CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024