CVE-2007-1747

2007-05-0823:19:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2007-1747

mso.dll

microsoft office

remote code execution

memory corruption

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.927 High

EPSS

Percentile

99.0%

JSON

Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.

Affected configurations

NVD

Node

microsoftofficeMatch2000sp3

microsoftofficeMatch2003sp2

microsoftofficeMatch2004mac

microsoftofficeMatch2007

microsoftofficeMatchxpsp3

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2000
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeqxp

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2000
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	xp