CVE-2007-0035

high

Description

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1737

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024

http://www.vupen.com/english/advisories/2007/1709

http://www.us-cert.gov/cas/techalerts/TA07-128A.html

http://www.securitytracker.com/id?1018013

http://www.securityfocus.com/bid/23804

http://www.securityfocus.com/archive/1/468871/100/200/threaded

http://www.osvdb.org/34387

http://www.kb.cert.org/vuls/id/260777

Details

Source: Mitre, NVD

Published: 2007-05-08

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High