9.3
CVE-2007-0216
- EPSS 38.14%
- Veröffentlicht 12.02.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:35:08
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 38.14% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://marc.info/?l=bugtraq&m=120361015026386&w=2
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
http://secunia.com/advisories/28904
http://www.securityfocus.com/bid/27657
http://www.securitytracker.com/id?1019386
http://www.vupen.com/english/advisories/2008/0513/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5309