CVE-2007-6329 — Microsoft Office vulnerability

CWE-2552 documents2 sources

Severity

6.4MEDIUMNVD

EPSS

24.2%

top 3.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office

Timeline

PublishedDec 13

Latest updateMay 1

Description

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDmicrosoft/office2007

🔴Vulnerability Details

GHSA

GHSA-rh2q-7cfr-4g9v: Microsoft Office 2007 12↗2022-05-01

▶