CVE-2007-0208

Microsoft Office 2000/2003/XP/2004 for Mac - Remote Code Execution via Malicious Macro

Title source: llm
STIX 2.1

Description

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017639
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0583
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34385
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A700
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22477

Scores

EPSS 0.3011
EPSS Percentile 98.0%

Details

CWE
CWE-20
Status published
Products (11)
microsoft/office 2000 sp3
microsoft/office 2003 sp2
microsoft/office 2004
microsoft/office xp sp3
microsoft/word 2000
microsoft/word 2002
microsoft/word 2003
microsoft/word_viewer 2003
microsoft/works 2004
microsoft/works 2005
... and 1 more
Published Feb 13, 2007
Tracked Since Feb 18, 2026