CVE-2007-0035

EPSS 58.63%
Published 08.05.2007 22:19:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Version2000 Updatesp3

Microsoft ≫ Office Version2003

Microsoft ≫ Office Version2003 Updatesp2

Microsoft ≫ Office Version2004 Editionmac

Microsoft ≫ Office Versionxp Updatesp3

Microsoft ≫ Works Version2004

Microsoft ≫ Works Version2005

Microsoft ≫ Works Version2006

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	58.63%	0.981

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/archive/1/468871/100/200/threaded

http://www.us-cert.gov/cas/techalerts/TA07-128A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/1709

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024

http://www.kb.cert.org/vuls/id/260777

US Government Resource

http://www.osvdb.org/34387

http://www.securityfocus.com/bid/23804

http://www.securitytracker.com/id?1018013

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1737

https://nvd.nist.gov/vuln/detail/CVE-2007-0035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0035

EUVD