Related Weaknesses
| CWE-ID | Weakness Name | Source |
|---|---|---|
| CWE Other | No information. | |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 9.3 | | AV:N/AC:M/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile ranks CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. The percentile therefore lets you compare the EPSS score of one CVE with that of other CVEs.
Exploit information
Exploit Database EDB-ID : 3260
Publication date : 2007-02-02 23h00 +00:00
Author : xCuter
EDB Verified : Yes
############ use at your own risk *******
+ Title: Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day)
+ code by xCuter (BongGoo Kang - xcuter@returnaddr.org)
+ Critical: High Critical
+ Impact: MS Word 2000 -> Could Allow Arbitrary Command Execution
MS word 2003 -> Attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
+ Tested Software: Microsoft(R) Word 2000 (9.0.2720)
+ Solution: Not Patched (zero-day)
+ Description:
When a user opens a specially crafted Word file using a malformed string,
it may corrupt system memory in such a way that an attacker could execute arbitrary code.
This exploit will execute the command 'CMD.EXE'.
+ Reference : http://www.microsoft.com/technet/security/advisory/932114.mspx - Microsoft Security Advisory (932114)
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29524.doc (02032007-word2000exp.doc)
- http://www.returnaddr.org/exploit/word2000
############ use at your own risk *******
# milw0rm.com [2007-02-03]
Exploit Database EDB-ID : 29524
Publication date : 2007-01-24 23h00 +00:00
Author : Symantec
EDB Verified : Yes
source: https://www.securityfocus.com/bid/22225/info
Microsoft Word 2000 is prone to a remote code-execution vulnerability.
Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.
Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Malformed String Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29524.doc
Products Mentioned
Configuration 0
Microsoft >> Office >> Version 2000
Microsoft >> Office >> Version 2003
Microsoft >> Office >> Version 2004
Microsoft >> Office >> Version xp
Microsoft >> Word >> Version 2000
Microsoft >> Word >> Version 2002
Microsoft >> Word >> Version 2003
Microsoft >> Word_viewer >> Version 2003
Microsoft >> Works >> Version 2004
Microsoft >> Works >> Version 2005
Microsoft >> Works >> Version 2006
References