CVE-2007-0035

Microsoft Office 2000/2003/XP/2004 Mac & Works Suite 2004-2006 RCE via Array Overflow

Title source: llm
STIX 2.1

Description

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/468871/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23804
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018013
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1709
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34387
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/260777
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1737

Scores

EPSS 0.3209
EPSS Percentile 98.1%

Details

CWE
CWE-20
Status published
Products (7)
microsoft/office 2000 sp3
microsoft/office 2003 (2 CPE variants)
microsoft/office 2004
microsoft/office xp sp3
microsoft/works 2004
microsoft/works 2005
microsoft/works 2006
Published May 08, 2007
Tracked Since Feb 18, 2026