Vulnerability Description
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Word | 2000 |
| Microsoft | Word Viewer | 2003 |
| Microsoft | Works | 2004 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525Patch
- http://www.kb.cert.org/vuls/id/555489US Government Resource
- http://www.osvdb.org/34388
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23836Patch
- http://www.securitytracker.com/id?1018013Patch
- http://www.us-cert.gov/cas/techalerts/TA07-128A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/1709Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-02
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525Patch
- http://www.kb.cert.org/vuls/id/555489US Government Resource
- http://www.osvdb.org/34388
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23836Patch
FAQ
What is CVE-2007-1202?
CVE-2007-1202 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control ...
How severe is CVE-2007-1202?
CVE-2007-1202 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1202?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Word, Microsoft Word Viewer, Microsoft Works.