PRIOn knowledge basePRION:CVE-2007-1202

HistoryMay 08, 2007 - 11:19 p.m.

Design/Logic Flaw

2007-05-0823:19:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.687 Medium

EPSS

Percentile

97.9%

JSON

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text “property strings of certain control words,” which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the “Word RTF Parsing Vulnerability.”

CPENameOperatorVersion
wordeq2002 sp3
wordeq2000 sp3
wordeq2004 mac
wordeq2003 sp2
word_viewereq2003
workseq2006
workseq2005
workseq2004

Name	Operator	Version
word	eq	2002 sp3
word	eq	2000 sp3
word	eq	2004 mac
word	eq	2003 sp2
word_viewer	eq	2003
works	eq	2006
works	eq	2005
works	eq	2004

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=525

www.kb.cert.org/vuls/id/555489

www.osvdb.org/34388

www.securityfocus.com/archive/1/468871/100/200/threaded

www.securityfocus.com/bid/23836

www.securitytracker.com/id?1018013

www.us-cert.gov/cas/techalerts/TA07-128A.html

www.vupen.com/english/advisories/2007/1709

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.687 Medium

EPSS

Percentile

97.9%

JSON

Related for PRION:CVE-2007-1202