Executive Summary
Information | | | |
---|---|---|---|
Name | MS07-015 | First vendor Publication | 2007-02-13 |
Vendor | Microsoft | Last vendor Modification | 2007-02-13 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | | | |
---|---|---|---|
CVSS Base Score | 9.3 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Medium |
CVSS Exploit Score | 8.6 | Authentication | None Required |
Detail
This update resolves two newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-015.mspx?pubDate=2 (...)
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:220 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:220 | | |
Title: | Microsoft PowerPoint Malformed Record Memory Corruption Vulnerability | | |
Description: | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | | |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3877 | Version: | 3 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 | Product(s): | Microsoft PowerPoint |

Definition Id: oval:org.mitre.oval:def:301 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:301 | | |
Title: | Excel Malformed Record Vulnerability | | |
Description: | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | | |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0671 | Version: | 5 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 | Product(s): | Microsoft Office |

Definition Id: oval:org.mitre.oval:def:568 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:568 | | |
Title: | PowerPoint Malformed Record Memory Corruption Vulnerability | | |
Description: | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | | |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3877 | Version: | 4 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 | Product(s): | Microsoft Office |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 3 |
Application | | 4 |
Application | | 1 |
Application | | 3 |
Application | | 1 |
Application | | 4 |
Application | | 1 |
Application | | 3 |
Application | | 4 |
Application | | 3 |
Application | | 3 |
Application | | 2 |
Application | | 3 |
Application | | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31901 | Microsoft Office Unspecified String Handling Arbitrary Code Execution |
29448 | Microsoft PowerPoint Crafted File Unspecified Code Execution. Microsoft PowerPoint contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a user opens a malicious PowerPoint PPT file. It is possible that the flaw may allow an attacker to execute code with the privileges of the user, resulting in a loss of integrity. No further details have been provided. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Drawing Record msofbtOPT Code Execution attempt RuleID : 17579 - Revision : 16 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-02-13 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_feb2006.nasl - Type : ACT_GATHER_INFO |
2007-02-13 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms07-015.nasl - Type : ACT_GATHER_INFO |
2006-10-11 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_oct2006.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File : smb_nt_ms06-058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:45:38 | |
2013-05-11 12:21:58 | |