Vulnerability Description
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2000 |
| Microsoft | Works | 2004 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/260777US Government Resource
- http://www.osvdb.org/34387
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23804
- http://www.securitytracker.com/id?1018013
- http://www.us-cert.gov/cas/techalerts/TA07-128A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/1709Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-02
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.kb.cert.org/vuls/id/260777US Government Resource
- http://www.osvdb.org/34387
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23804
- http://www.securitytracker.com/id?1018013
- http://www.us-cert.gov/cas/techalerts/TA07-128A.htmlUS Government Resource
FAQ
What is CVE-2007-0035?
CVE-2007-0035 is a vulnerability with a CVSS score of 9.3 (HIGH). Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted re...
How severe is CVE-2007-0035?
CVE-2007-0035 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0035?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Works.