CVE-2007-1202

high

Description

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024

http://www.vupen.com/english/advisories/2007/1709

http://www.us-cert.gov/cas/techalerts/TA07-128A.html

http://www.securitytracker.com/id?1018013

http://www.securityfocus.com/bid/23836

http://www.securityfocus.com/archive/1/468871/100/200/threaded

http://www.osvdb.org/34388

http://www.kb.cert.org/vuls/id/555489

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525

Details

Source: Mitre, NVD

Published: 2007-05-08

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High