CVE-2007-0515

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.

Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft

First reported 18 years ago

2007-01-26 00:28:00

Last updated 6 years ago

2018-10-12 21:42:00

Affected Software

Microsoft Office 2000 sp3

2000

Microsoft Office 2003 sp2

2003

Microsoft Office 2004 Mac

2004

Microsoft Office XP Service Pack 3

xp

Microsoft Word 2000

2000

Microsoft Word 2002

2002

Microsoft Word 2003

2003

Microsoft Word Viewer 2003

2003

Microsoft Works 2004

2004

Microsoft Works 2005

2005

Microsoft works_suite 2006

2006

References

http://isc.sans.org/diary.html?storyid=2133

31900

23950

Vendor Advisory

1017564

VU#412225

US Government Resource

http://www.microsoft.com/technet/security/advisory/932114.mspx

Vendor Advisory

22225

22328

http://www.symantec.com/enterprise/security_response/weblog/2007/01/multiple_organizations_targett.html

http://www.symantec.com/enterprise/security_response/weblog/2007/01/new_microsoft_word_2000_vulner.html

http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-013010-5422-99&tabid=2

TA07-044A

US Government Resource

ADV-2007-0350

Vendor Advisory

MS07-014

word-document-code-execution(31834)

oval:org.mitre.oval:def:528

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.