Vulnerability Description
The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Office Ocx | Word Viewer Ocx | 3.2.0.5 |
References
- http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html
- http://osvdb.org/34334
- http://secunia.com/advisories/25100
- http://www.securityfocus.com/bid/23784
- http://www.vupen.com/english/advisories/2007/1634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34027
- http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html
- http://osvdb.org/34334
- http://secunia.com/advisories/25100
- http://www.securityfocus.com/bid/23784
- http://www.vupen.com/english/advisories/2007/1634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34027
FAQ
What is CVE-2007-2496?
CVE-2007-2496 is a vulnerability with a CVSS score of 7.8 (HIGH). The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFi...
How severe is CVE-2007-2496?
CVE-2007-2496 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2496?
Check the references section above for vendor advisories and patch information. Affected products include: Office Ocx Word Viewer Ocx.