Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| No informations. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 3260
Publication date : 2007-02-02 23h00 +00:00
Author : xCuter
EDB Verified : Yes
############ use at your own risk *******
+ Title: Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day)
+ code by xCuter (BongGoo Kang - xcuter@returnaddr.org)
+ Critical: High Critical
+ Impact: MS Word 2000 -> Could Allow Arbitrary Command Execution
MS word 2003 -> Attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
+ Tested Software: Microsoft(R) Word 2000 (9.0.2720)
+ Solution: Not Patched (zero-day)
+ Description:
When a user opens a specially crafted Word file using a malformed string,
it may corrupt system memory in such a way that an attacker could execute arbitrary code
This exploit will be execute command - 'CMD.EXE'
+ Reference : http://www.microsoft.com/technet/security/advisory/932114.mspx - Microsoft Security Advisory (932114)
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29524.doc (02032007-word2000exp.doc)
- http://www.returnaddr.org/exploit/word2000
############ use at your own risk *******
# milw0rm.com [2007-02-03]
Exploit Database EDB-ID : 29524
Publication date : 2007-01-24 23h00 +00:00
Author : Symantec
EDB Verified : Yes
source: https://www.securityfocus.com/bid/22225/info
Microsoft Word 2000 is prone to a remote code-execution vulnerability.
Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.
Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Malformed String Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29524.doc
Products Mentioned
Configuraton 0
Microsoft>>Office >> Version 2000
- Microsoft>>Office >> Version 2000 (Open CPE detail)
Microsoft>>Office >> Version 2003
- Microsoft>>Office >> Version 2003 (Open CPE detail)
- Microsoft>>Office >> Version 2003 (Open CPE detail)
Microsoft>>Office >> Version 2004
- Microsoft>>Office >> Version 2004 (Open CPE detail)
Microsoft>>Office >> Version xp
- Microsoft>>Office >> Version xp (Open CPE detail)
Microsoft>>Word >> Version 2000
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
- Microsoft>>Word >> Version 2000 (Open CPE detail)
Microsoft>>Word >> Version 2002
- Microsoft>>Word >> Version 2002 (Open CPE detail)
- Microsoft>>Word >> Version 2002 (Open CPE detail)
- Microsoft>>Word >> Version 2002 (Open CPE detail)
- Microsoft>>Word >> Version 2002 (Open CPE detail)
Microsoft>>Word >> Version 2003
- Microsoft>>Word >> Version 2003 (Open CPE detail)
- Microsoft>>Word >> Version 2003 (Open CPE detail)
- Microsoft>>Word >> Version 2003 (Open CPE detail)
Microsoft>>Word_viewer >> Version 2003
- Microsoft>>Word_viewer >> Version 2003 (Open CPE detail)
Microsoft>>Works >> Version 2004
- Microsoft>>Works >> Version 2004 (Open CPE detail)
Microsoft>>Works >> Version 2005
- Microsoft>>Works >> Version 2005 (Open CPE detail)
Microsoft>>Works >> Version 2006
- Microsoft>>Works >> Version 2006 (Open CPE detail)
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A528
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
http://www.symantec.com/enterprise/security_response/weblog/2007/01/new_microsoft_word_2000_vulner.html
Tags : x_refsource_MISC
Tags : x_refsource_MISC
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-013010-5422-99&tabid=2
Tags : x_refsource_MISC
Tags : x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-014
Tags : vendor-advisory, x_refsource_MS
Tags : vendor-advisory, x_refsource_MS
2025©
tesweb SA
