9.3

CVE-2007-0216

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2003 Updatesp2
MicrosoftOffice Version2003 Updatesp3
MicrosoftWorks Version8.0
MicrosoftWorks Version2005
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 38.14% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=bugtraq&m=120361015026386&w=2
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
US Government Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
http://secunia.com/advisories/28904
Vendor Advisory
http://www.securityfocus.com/bid/27657
http://www.securitytracker.com/id?1019386
http://www.vupen.com/english/advisories/2008/0513/references
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5309