CVE-2007-1202: Input Validation
First published: Tue May 08 2007(Updated: )
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Word for Android | =2000-sp3 | |
| Microsoft Word for Android | =2002-sp3 | |
| Microsoft Word for Android | =2003-sp2 | |
| Microsoft Word for Android | =2004 | |
| Microsoft Word Viewer | =2003 | |
| Microsoft Works | =2004 | |
| Microsoft Works | =2005 | |
| Microsoft Works | =2006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=525
- http://www.kb.cert.org/vuls/id/555489
- http://www.osvdb.org/34388
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23836
- http://www.securitytracker.com/id?1018013
- http://www.us-cert.gov/cas/techalerts/TA07-128A.html
- http://www.vupen.com/english/advisories/2007/1709
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900
Frequently Asked Questions
What is the severity of CVE-2007-1202?
CVE-2007-1202 is considered to have a high severity due to its potential to cause heap corruption and allow remote code execution.
How do I fix CVE-2007-1202?
To fix CVE-2007-1202, users should update their Microsoft Office applications to the latest security patches provided by Microsoft.
Which versions of Microsoft Office are affected by CVE-2007-1202?
CVE-2007-1202 affects Microsoft Office 2000 SP3, XP SP3, 2003 SP2, and several versions of Microsoft Works and Word Viewer.
Can CVE-2007-1202 be exploited without user interaction?
Exploitation of CVE-2007-1202 requires user assistance, such as opening a maliciously crafted document.
What types of attacks are associated with CVE-2007-1202?
CVE-2007-1202 can lead to remote code execution attacks that allow attackers to execute arbitrary code on a victim's machine.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft word for android
- version/microsoft word for android/2000-sp3
- version/microsoft word for android/2002-sp3
- version/microsoft word for android/2003-sp2
- version/microsoft word for android/2004
- canonical/microsoft word viewer
- version/microsoft word viewer/2003
- canonical/microsoft works
- version/microsoft works/2004
- version/microsoft works/2005
- version/microsoft works/2006