CVE-2007-0035
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
Word (o Word Viewer) en Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 para Mac, y Works Suite 2004, 2005 y 2006 no manejan apropiadamente los datos en una determinada matriz, lo que permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario, también se conoce como "Word Array Overflow Vulnerability."
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-01-03 CVE Reserved
- 2007-05-08 CVE Published
- 2024-05-26 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/260777 | Third Party Advisory |
|
| http://www.osvdb.org/34387 | Vdb Entry | |
| http://www.securityfocus.com/bid/23804 | Vdb Entry | |
| http://www.securitytracker.com/id?1018013 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-128A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1737 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/archive/1/468871/100/200/threaded | 2018-10-30 | |
| http://www.vupen.com/english/advisories/2007/1709 | 2018-10-30 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2000 Search vendor "Microsoft" for product "Office" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | xp Search vendor "Microsoft" for product "Office" and version "xp" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 2004 Search vendor "Microsoft" for product "Works" and version "2004" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 2005 Search vendor "Microsoft" for product "Works" and version "2005" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 2006 Search vendor "Microsoft" for product "Works" and version "2006" | - |
Affected
| ||||||