Lucene search

[email protected]CVE-2007-2496

HistoryMay 04, 2007 - 12:19 a.m.

CVE-2007-2496

2007-05-0400:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2496

wordocx

activex control

wordviewer.ocx

denial of service

internet explorer 7

vulnerability

security issue

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.122 Low

EPSS

Percentile

95.4%

JSON

The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.

Affected configurations

NVD

Node

office_ocxword_viewer_ocxMatch3.2.0.5

CPENameOperatorVersion
office_ocx:word_viewer_ocxoffice ocx word viewer ocxeq3.2.0.5

CPE	Name	Operator	Version
office_ocx:word_viewer_ocx	office ocx word viewer ocx	eq	3.2.0.5

References

moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html

osvdb.org/34334

secunia.com/advisories/25100

www.securityfocus.com/bid/23784

www.vupen.com/english/advisories/2007/1634

exchange.xforce.ibmcloud.com/vulnerabilities/34027

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.122 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2007-2496

prion1 nvd1 cvelist1 securityvulns1