CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
98.1%
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text “property strings of certain control words,” which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the “Word RTF Parsing Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | word | 2000 | cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:* |
microsoft | word | 2002 | cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:* |
microsoft | word | 2003 | cpe:2.3:a:microsoft:word:2003:sp2:*:*:*:*:*:* |
microsoft | word | 2004 | cpe:2.3:a:microsoft:word:2004:*:mac:*:*:*:*:* |
microsoft | word_viewer | 2003 | cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:* |
microsoft | works | 2004 | cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:* |
microsoft | works | 2005 | cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:* |
microsoft | works | 2006 | cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:* |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=525
www.kb.cert.org/vuls/id/555489
www.osvdb.org/34388
www.securityfocus.com/archive/1/468871/100/200/threaded
www.securityfocus.com/bid/23836
www.securitytracker.com/id?1018013
www.us-cert.gov/cas/techalerts/TA07-128A.html
www.vupen.com/english/advisories/2007/1709
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900