CVE-2007-1202

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.8MEDIUM

EPSS

64.0%

top 1.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Word Microsoft Word Viewer Microsoft Works

Timeline

PublishedMay 8

Latest updateMay 1

Description

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDmicrosoft/word_viewer2003

▶NVDmicrosoft/word4 versions+3

▶NVDmicrosoft/works2004, 2005, 2006+2

Patches

Patch: labs.idefense.com ↗Patch: www.securityfocus.com ↗Patch: www.securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-jjp3-3rj8-w86x: Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certa↗2022-05-01

▶

CVEList

CVE-2007-1202: Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certa↗2007-05-08

▶