Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
| Informations | |||
|---|---|---|---|
| Name | MS07-024 | First vendor Publication | 2007-05-08 |
| Vendor | Microsoft | Last vendor Modification | 2007-05-08 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1737 | |||
| Oval ID: | oval:org.mitre.oval:def:1737 | ||
| Title: | Word Array Overflow Vulnerability | ||
| Description: | Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0035 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1860 | |||
| Oval ID: | oval:org.mitre.oval:def:1860 | ||
| Title: | Word Document Stream Vulnerability | ||
| Description: | Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0870 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:1900 | |||
| Oval ID: | oval:org.mitre.oval:def:1900 | ||
| Title: | Word RTF Parsing Vulnerability | ||
| Description: | Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-1202 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 | |
| Application | 5 | |
| Application | 1 | |
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 34388 | Microsoft Word RTF Rich Text Properties Parsing Remote Code Execution Microsoft Word 2003 SP2 (winword.exe file version 11.0.8106.0) contains a flaw that may allow remote code execution. The issue is due to a heap corruption vulnerability in Word, specifically in the handling of property strings in RTF documents. Exploitation requires a target user to load a specially crafted RTF document. When loaded, arbitrary code may be executed with the same permissions as the target user. |
| 34387 | Microsoft Word Data Array Handling Remote Code Execution Microsoft Office contains a flaw that may allow a malicious user to execute arbitrary code on the system. The issue is due to the Word failing to properly verify data within certain arrays. The issue is triggered by a specially crafted Word file that may allow arbitrary code execution resulting in a loss of integrity. |
| 33196 | Microsoft Word Unspecified Memory Corruption Arbitrary Code Execution (934232) |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office Word array data handling buffer overflow attempt RuleID : 17649 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word document stream handling code execution attempt RuleID : 17368 - Revision : 12 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-05-09 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_may2007.nasl - Type : ACT_GATHER_INFO |
| 2007-05-08 | Name : Arbitrary code can be executed on the remote host through Microsoft Word. File : smb_nt_ms07-024.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:40 |
|
| 2013-05-11 00:49:16 |
|
