CVE-2007-3899 — Code Injection in Microsoft Office

CWE-94 — Code Injection4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

51.5%

top 2.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Word

Timeline

PublishedOct 9

Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/word2000, 2002+1

▶NVDmicrosoft/office2000, 2004, xp+2

🔴Vulnerability Details

GHSA

GHSA-5m9g-cf78-fhvj: Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrar↗2022-05-01

▶

CVEList

CVE-2007-3899: Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrar↗2007-10-09

▶

VulnCheck

Microsoft Office Improper Control of Generation of Code ('Code Injection')↗2007

▶