Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-016
Vulnerability from certfr_avis
Plusieurs vulnérabilités d'Excel permettent à un utilisateur malveillant d'exécuter un code arbitraire à distance.
Description
Plusieurs vulnérabilités affectent Excel :
- le traitement défectueux des fichiers contenant un enregistrement IMDATA mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
- le traitement défectueux des fichiers contenant un enregistrement COLUMN mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
- le traitement défectueux des fichiers contenant un enregistrement PALETTE mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
- le traitement défectueux des fichiers contenant une chaîne de caratères mal formée permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
- le traitement défectueux des fichiers contenant un enregistrement mal formé permet à un utilisateur malveillant d'exécuter un code arbitraire sur le système vulnérable avec les droits de l'utilisateur ;
Un attaquant peut exploiter ces vulnérabilités à distance en expédiant un courriel contenant un fichier spécialement conçu ou en incitant l'utilisateur à télécharger un tel fichier sur un site web.
Si l'utilisateur qui exécute le logiciel vulnérable est connecté sous une session d'administrateur, l'attaquant peut prendre le contrôle total de la machine.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Excel Viewer 2003 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2000, 2002, 2003 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Works Suite 2004 et 2005 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2004 et v. X pour Mac.",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent Excel :\n\n- le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n IMDATA mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n l\u0027utilisateur ;\n- le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n COLUMN mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n l\u0027utilisateur ;\n- le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n PALETTE mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un\n code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n l\u0027utilisateur ;\n- le traitement d\u00e9fectueux des fichiers contenant une cha\u00eene de\n carat\u00e8res mal form\u00e9e permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\n un code arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n l\u0027utilisateur ;\n- le traitement d\u00e9fectueux des fichiers contenant un enregistrement\n mal form\u00e9 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un code\n arbitraire sur le syst\u00e8me vuln\u00e9rable avec les droits de\n l\u0027utilisateur ;\n\nUn attaquant peut exploiter ces vuln\u00e9rabilit\u00e9s \u00e0 distance en exp\u00e9diant\nun courriel contenant un fichier sp\u00e9cialement con\u00e7u ou en incitant\nl\u0027utilisateur \u00e0 t\u00e9l\u00e9charger un tel fichier sur un site web.\n\nSi l\u0027utilisateur qui ex\u00e9cute le logiciel vuln\u00e9rable est connect\u00e9 sous\nune session d\u0027administrateur, l\u0027attaquant peut prendre le contr\u00f4le total\nde la machine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0030"
},
{
"name": "CVE-2007-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0029"
},
{
"name": "CVE-2007-0028",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0028"
},
{
"name": "CVE-2007-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0031"
},
{
"name": "CVE-2007-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0027"
}
],
"initial_release_date": "2007-01-10T00:00:00",
"last_revision_date": "2007-01-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-002 du 09 janvier 2007 :",
"url": "http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-002 du 09 janvier 2007 :",
"url": "http://www.microsoft.com/france/technet/security/bulletin/MS07-002.mspx"
}
],
"reference": "CERTA-2007-AVI-016",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u0027\u003cspan class=\"textit\"\u003eExcel\u003c/span\u003e permettent\n\u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter un code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de Microsoft Excel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin Microsoft MS07-002",
"url": null
}
]
}
CVE-2007-0029 (GCVE-0-2007-0029)
Vulnerability from cvelistv5
Published
2007-01-09 23:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "oval:org.mitre.oval:def:1102",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1102"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "21877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21877"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka \"Excel Malformed String Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "oval:org.mitre.oval:def:1102",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1102"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "21877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21877"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31256",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka \"Excel Malformed String Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-009A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "oval:org.mitre.oval:def:1102",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1102"
},
{
"name": "1017487",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "21877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21877"
},
{
"name": "ADV-2007-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0029",
"datePublished": "2007-01-09T23:00:00",
"dateReserved": "2007-01-03T00:00:00",
"dateUpdated": "2024-08-07T12:03:36.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0031 (GCVE-0-2007-0031)
Vulnerability from cvelistv5
Published
2007-01-09 23:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31258",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31258"
},
{
"name": "21922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21922"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#625532",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/625532"
},
{
"name": "oval:org.mitre.oval:def:753",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31258",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31258"
},
{
"name": "21922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21922"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#625532",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/625532"
},
{
"name": "oval:org.mitre.oval:def:753",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-009A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461"
},
{
"name": "1017487",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "31258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31258"
},
{
"name": "21922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21922"
},
{
"name": "ADV-2007-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#625532",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625532"
},
{
"name": "oval:org.mitre.oval:def:753",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0031",
"datePublished": "2007-01-09T23:00:00",
"dateReserved": "2007-01-03T00:00:00",
"dateUpdated": "2024-08-07T12:03:36.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0030 (GCVE-0-2007-0030)
Vulnerability from cvelistv5
Published
2007-01-09 23:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "31257",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31257"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "oval:org.mitre.oval:def:323",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#302836",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/302836"
},
{
"name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "21925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "31257",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31257"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "oval:org.mitre.oval:def:323",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#302836",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/302836"
},
{
"name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "21925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-009A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "31257",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31257"
},
{
"name": "1017487",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "oval:org.mitre.oval:def:323",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A323"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#302836",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/302836"
},
{
"name": "20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460"
},
{
"name": "ADV-2007-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "21925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0030",
"datePublished": "2007-01-09T23:00:00",
"dateReserved": "2007-01-03T00:00:00",
"dateUpdated": "2024-08-07T12:03:36.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0027 (GCVE-0-2007-0027)
Vulnerability from cvelistv5
Published
2007-01-09 22:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31255",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31255"
},
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "21856",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21856"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#749964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/749964"
},
{
"name": "oval:org.mitre.oval:def:119",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "31255",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31255"
},
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "1017487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "21856",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21856"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#749964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/749964"
},
{
"name": "oval:org.mitre.oval:def:119",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31255",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31255"
},
{
"name": "TA07-009A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "1017487",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017487"
},
{
"name": "21856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21856"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "ADV-2007-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "MS07-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "VU#749964",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/749964"
},
{
"name": "oval:org.mitre.oval:def:119",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0027",
"datePublished": "2007-01-09T22:00:00",
"dateReserved": "2007-01-03T00:00:00",
"dateUpdated": "2024-08-07T12:03:36.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0028 (GCVE-0-2007-0028)
Vulnerability from cvelistv5
Published
2007-01-09 23:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html"
},
{
"name": "31249",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31249"
},
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "21952",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21952"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:768",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html"
},
{
"name": "VU#493185",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/493185"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "23676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23676"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "1017485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an \"Improper Memory Access Vulnerability.\" NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html"
},
{
"name": "31249",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31249"
},
{
"name": "TA07-009A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "21952",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21952"
},
{
"name": "HPSBST02184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:768",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html"
},
{
"name": "VU#493185",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/493185"
},
{
"name": "ADV-2007-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "23676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23676"
},
{
"name": "MS07-002",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "1017485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an \"Improper Memory Access Vulnerability.\" NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html",
"refsource": "MISC",
"url": "http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html"
},
{
"name": "31249",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31249"
},
{
"name": "TA07-009A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html"
},
{
"name": "21952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21952"
},
{
"name": "HPSBST02184",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:768",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A768"
},
{
"name": "http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html",
"refsource": "MISC",
"url": "http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html"
},
{
"name": "VU#493185",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/493185"
},
{
"name": "ADV-2007-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0103"
},
{
"name": "23676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23676"
},
{
"name": "MS07-002",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002"
},
{
"name": "SSRT071296",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded"
},
{
"name": "1017485",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0028",
"datePublished": "2007-01-09T23:00:00",
"dateReserved": "2007-01-03T00:00:00",
"dateUpdated": "2024-08-07T12:03:36.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…