CVE-2007-0216

Microsoft Works File Converter - Remote Code Execution via Crafted WPS Section Length Headers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0216.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in the WPS to RTF convert filter in Microsoft Office 2003. It crafts a malicious WPS file with an oversized TEXT section to trigger the overflow, leading to potential remote code execution.

Description

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

Exploits (1)

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/5107

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in the WPS to RTF convert filter in Microsoft Office 2003. It crafts a malicious WPS file with an oversized TEXT section to trigger the overflow, leading to potential remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Office 2003

No auth needed

Prerequisites: Victim must open the malicious WPS file

MITRE ATT&CK