CVE-2007-0208

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.3CRITICAL

EPSS

58.0%

top 1.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Word Microsoft Word Viewer +1 more

Timeline

PublishedFeb 13

Latest updateMay 1

Description

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmicrosoft/office4 versions+3

▶NVDmicrosoft/word2000, 2002, 2003+2

▶NVDmicrosoft/works2004, 2005, 2006+2

▶NVDmicrosoft/word_viewer2003

🔴Vulnerability Details

GHSA

GHSA-j676-2f2x-9pmc: Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties↗2022-05-01

▶

CVEList

CVE-2007-0208: Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties↗2007-02-13

▶