Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/44938 - | |
References | () http://securityreason.com/securityalert/3443 - | |
References | () http://www.securityfocus.com/archive/1/484919/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/26833 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/39021 - |
Information
Published : 2007-12-13 19:46
Updated : 2024-11-21 00:39
NVD link : CVE-2007-6329
Mitre link : CVE-2007-6329
CVE.ORG link : CVE-2007-6329
JSON object : View
Products Affected
microsoft
- office
CWE
CWE-255
Credentials Management Errors