CVE-2007-0515

EXPLOITED

Microsoft Word 2000 and 2003 - Remote Code Execution and Denial of Service via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-0515 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including xCuter, Symantec.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Microsoft Word 2000 via a malformed string in a crafted Word file, leading to arbitrary command execution (e.g., CMD.EXE). It also causes a DoS in Word 2003/XP by consuming CPU resources.

Description

Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.

Exploits (2)

exploitdb WORKING POC VERIFIED
by xCuter · textlocalwindows
https://www.exploit-db.com/exploits/3260

This exploit targets a memory corruption vulnerability in Microsoft Word 2000 via a malformed string in a crafted Word file, leading to arbitrary command execution (e.g., CMD.EXE). It also causes a DoS in Word 2003/XP by consuming CPU resources.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Word 2000 (9.0.2720)
No auth needed
Prerequisites: Victim must open a malformed Word document
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Symantec · textremotewindows
https://www.exploit-db.com/exploits/29524

This is a vulnerability writeup describing a remote code execution issue in Microsoft Word 2000. The document references a distinct flaw from other known Word vulnerabilities and includes a link to a binary exploit.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Word 2000
No auth needed
Prerequisites: Victim must open a malicious Word document
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23950
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A528
Various Sources x_refsource_misc
http://isc.sans.org/diary.html?storyid=2133
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22225
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/31900
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0350
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22328
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/412225
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31834
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017564

Scores

EPSS 0.8163
EPSS Percentile 99.2%

Details

VulnCheck KEV 2007-02-13
Status published
Products (11)
microsoft/office 2000 sp3
microsoft/office 2003 sp2
microsoft/office 2004
microsoft/office xp sp3
microsoft/word 2000
microsoft/word 2002
microsoft/word 2003
microsoft/word_viewer 2003
microsoft/works 2004
microsoft/works 2005
... and 1 more
Published Jan 26, 2007
Tracked Since Feb 18, 2026