CVE-2007-1202

EPSS 58.16%
Published 08.05.2007 23:19:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Word Version2000 Updatesp3

Microsoft ≫ Word Version2002 Updatesp3

Microsoft ≫ Word Version2003 Updatesp2

Microsoft ≫ Word Version2004 Editionmac

Microsoft ≫ Word Viewer Version2003

Microsoft ≫ Works Version2004

Microsoft ≫ Works Version2005

Microsoft ≫ Works Version2006

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	58.16%	0.981

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/archive/1/468871/100/200/threaded

http://www.us-cert.gov/cas/techalerts/TA07-128A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/1709

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024

http://www.securitytracker.com/id?1018013

Patch

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525

Patch

http://www.kb.cert.org/vuls/id/555489

US Government Resource