CVE-2007-2496 - The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of s

CVE-2007-2496

Summary

The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.

References

Vulnerable Configurations

cpe:2.3:a:office_ocx:word_viewer_ocx:3.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:office_ocx:word_viewer_ocx:3.2.0.5:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	23784
misc	http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html
osvdb	34334
secunia	25100
vupen	ADV-2007-1634
xf	word-viewer-ocx-bo(34027)

Last major update

29-07-2017 - 01:31

Published

04-05-2007 - 00:19

Last modified

29-07-2017 - 01:31