CVE-2007-0035

Sažetak

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

Reference

http://www.kb.cert.org/vuls/id/260777
http://www.osvdb.org/34387
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23804
http://www.securitytracker.com/id?1018013
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://www.vupen.com/english/advisories/2007/1709
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1737

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:26

Objavljeno

08-05-2007 - 22:19