Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-074
Vulnerability from certfr_avis
Trois vulnérabilités distinctes ont été identifiées dans le convertisseur de fichiers Microsoft Works 6 inclus dans certaines suites bureautiques. L'exploitation de ces dernières peut provoquer l'exécution de code arbitraire et la prise de contrôle du système vulnérable.
Description
Trois vulnérabilités distinctes ont été identifiées dans le convertisseur de fichiers Microsoft Works 6 inclus dans certaines suites bureautiques :
- les entrées ne seraient pas correctement manipulées, en particulier l'en-tête longueur de section présent dans les fichiers au format .wps ;
- la gestion de la table d'indexation dans l'en-tête de fichiers au format .wps ne serait pas correcte ;
- la longueur des champs dans un fichier au format .wps ne serait pas suffisamment contrôlée.
L'exploitation de ces vulnérabilités peut provoquer l'exécution de code arbitraire et la prise de contrôle du système vulnérable.
Solution
Se référer au bulletin de sécurité MS08-011 de Microsoft pour l'obtention des correctifs (cf. section Documentation).
Il s'agit du convertisseur de fichiers Microsoft Works 6 inclus dans les suites :
- Microsoft Office 2003 Service Pack 2 ;
- Microsoft Office 2003 Service Pack 3 ;
- Microsoft Works 8.0 ;
- Microsoft Works Suite 2005.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIl s\u0027agit du convertisseur de fichiers Microsoft Works 6 inclus dans les suites :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eMicrosoft Office 2003 Service Pack 2 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Office 2003 Service Pack 3 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Works 8.0 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Works Suite 2005.\u003c/LI\u003e \u003c/UL\u003e",
"content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s distinctes ont \u00e9t\u00e9 identifi\u00e9es dans le\nconvertisseur de fichiers Microsoft Works 6 inclus dans certaines suites\nbureautiques :\n\n- les entr\u00e9es ne seraient pas correctement manipul\u00e9es, en particulier\n l\u0027en-t\u00eate longueur de section pr\u00e9sent dans les fichiers au format\n .wps ;\n- la gestion de la table d\u0027indexation dans l\u0027en-t\u00eate de fichiers au\n format .wps ne serait pas correcte ;\n- la longueur des champs dans un fichier au format .wps ne serait pas\n suffisamment contr\u00f4l\u00e9e.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut provoquer l\u0027ex\u00e9cution de code\narbitraire et la prise de contr\u00f4le du syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-011 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-0105",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0105"
},
{
"name": "CVE-2007-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0216"
},
{
"name": "CVE-2008-0108",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0108"
}
],
"initial_release_date": "2008-02-13T00:00:00",
"last_revision_date": "2008-02-13T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-074",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Trois vuln\u00e9rabilit\u00e9s distinctes ont \u00e9t\u00e9 identifi\u00e9es dans le\nconvertisseur de fichiers Microsoft Works 6 inclus dans certaines suites\nbureautiques. L\u0027exploitation de ces derni\u00e8res peut provoquer l\u0027ex\u00e9cution\nde code arbitraire et la prise de contr\u00f4le du syst\u00e8me vuln\u00e9rable.\n",
"title": "Plusieurs vuln\u00e9rabilit\u00e9s dans le convertisseur de fichiers Microsoft Works",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-011 du 12 f\u00e9vrier 2008",
"url": "http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx"
}
]
}
CVE-2008-0105 (GCVE-0-2008-0105)
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5009",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5009"
},
{
"name": "27658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27658"
},
{
"name": "1019387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019387"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28904"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0513",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "MS08-011",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka \"Microsoft Works File Converter Index Table Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5009",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5009"
},
{
"name": "27658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27658"
},
{
"name": "1019387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019387"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28904"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0513",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "MS08-011",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka \"Microsoft Works File Converter Index Table Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5009",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5009"
},
{
"name": "27658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27658"
},
{
"name": "1019387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019387"
},
{
"name": "HPSBST02314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28904"
},
{
"name": "SSRT080016",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "TA08-043C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "MS08-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0105",
"datePublished": "2008-02-12T22:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0108 (GCVE-0-2008-0108)
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5202",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5202"
},
{
"name": "1019388",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019388"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28904"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "27659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27659"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "5107",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5107"
},
{
"name": "ADV-2008-0513",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "MS08-011",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
},
{
"name": "20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka \"Microsoft Works File Converter Field Length Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5202",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5202"
},
{
"name": "1019388",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019388"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28904"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "27659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27659"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "5107",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5107"
},
{
"name": "ADV-2008-0513",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "MS08-011",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
},
{
"name": "20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka \"Microsoft Works File Converter Field Length Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5202",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5202"
},
{
"name": "1019388",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019388"
},
{
"name": "HPSBST02314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28904"
},
{
"name": "SSRT080016",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "27659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27659"
},
{
"name": "TA08-043C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "5107",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5107"
},
{
"name": "ADV-2008-0513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "MS08-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
},
{
"name": "20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0108",
"datePublished": "2008-02-12T22:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0216 (GCVE-0-2007-0216)
Vulnerability from cvelistv5
Published
2008-02-12 22:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5309",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5309"
},
{
"name": "20080208 Microsoft Office Works Converter Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28904"
},
{
"name": "27657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27657"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0513",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "1019386",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019386"
},
{
"name": "MS08-011",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka \"Microsoft Works File Converter Input Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5309",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5309"
},
{
"name": "20080208 Microsoft Office Works Converter Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659"
},
{
"name": "HPSBST02314",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28904"
},
{
"name": "27657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27657"
},
{
"name": "SSRT080016",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "TA08-043C",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0513",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "1019386",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019386"
},
{
"name": "MS08-011",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka \"Microsoft Works File Converter Input Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5309",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5309"
},
{
"name": "20080208 Microsoft Office Works Converter Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659"
},
{
"name": "HPSBST02314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "28904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28904"
},
{
"name": "27657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27657"
},
{
"name": "SSRT080016",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
},
{
"name": "TA08-043C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name": "ADV-2008-0513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0513/references"
},
{
"name": "1019386",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019386"
},
{
"name": "MS08-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0216",
"datePublished": "2008-02-12T22:00:00",
"dateReserved": "2007-01-12T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…