CVE-2007-0035

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICAL
EPSS
58.4%
top 1.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Works
Timeline
PublishedMay 8
Latest updateMay 1

Description

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/works2004, 2005, 2006+2
NVDmicrosoft/office4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-g3gq-rj4j-5rp8: Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data2022-05-01
CVEList
CVE-2007-0035: Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data2007-05-08
CVE-2007-0035 (CRITICAL CVSS 9.3) | Word (or Word Viewer) in Microsoft | cvebase.io