Lucene search

[email protected]CVE-2007-0216

HistoryFeb 12, 2008 - 11:00 p.m.

CVE-2007-0216

2008-02-1223:00:00

CWE-20

[email protected]

web.nvd.nist.gov

microsoft works 6 file converter

remote code execution

.wps file

cve-2007-0216

input validation vulnerability

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.681 Medium

EPSS

Percentile

98.0%

JSON

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka “Microsoft Works File Converter Input Validation Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2003
microsoft:worksmicrosoft workseq2005
microsoft:worksmicrosoft workseq8.0

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2003
microsoft:works	microsoft works	eq	2005
microsoft:works	microsoft works	eq	8.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=659

marc.info/?l=bugtraq&m=120361015026386&w=2

secunia.com/advisories/28904

www.securityfocus.com/bid/27657

www.securitytracker.com/id?1019386

www.us-cert.gov/cas/techalerts/TA08-043C.html

www.vupen.com/english/advisories/2008/0513/references

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5309

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.681 Medium

EPSS

Percentile

98.0%

JSON

Related for CVE-2007-0216

prion1 securityvulns3 checkpoint_advisories2 nessus1