fkie_cve-2007-0671
Vulnerability from fkie_nvd
Published
2007-02-03 01:28
Modified
2025-10-22 01:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
References
secure@microsoft.comhttp://osvdb.org/31901
secure@microsoft.comhttp://secunia.com/advisories/24008Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1017584
secure@microsoft.comhttp://vil.nai.com/vil/content/v_141393.htm
secure@microsoft.comhttp://www.avertlabs.com/research/blog/?p=191
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/613740US Government Resource
secure@microsoft.comhttp://www.microsoft.com/technet/security/advisory/932553.mspxVendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/22383
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/0463Vendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/32178
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/31901
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24008Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017584
af854a3a-2127-422b-91ae-364da2661108http://vil.nai.com/vil/content/v_141393.htm
af854a3a-2127-422b-91ae-364da2661108http://www.avertlabs.com/research/blog/?p=191
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/613740US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/932553.mspxVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22383
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0463Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32178
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301
134c704f-9b21-4f2e-91b3-4a467353bcc0https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671
Impacted products
Vendor Product Version
microsoft access 2000
microsoft access 2002
microsoft access 2003
microsoft excel 2000
microsoft excel 2002
microsoft excel 2003
microsoft excel 2004
microsoft excel_viewer 2003
microsoft frontpage 2000
microsoft frontpage 2002
microsoft frontpage 2003
microsoft infopath 2003
microsoft office 2000
microsoft office 2003
microsoft office 2004
microsoft office xp
microsoft onenote 2003
microsoft outlook 2000
microsoft outlook 2002
microsoft outlook 2003
microsoft powerpoint 2000
microsoft powerpoint 2002
microsoft powerpoint 2003
microsoft powerpoint 2004
microsoft project 2000
microsoft project 2002
microsoft project 2003
microsoft publisher 2000
microsoft publisher 2002
microsoft publisher 2003
microsoft visio 2002
microsoft visio 2003
microsoft word 2000
microsoft word 2002
microsoft word 2003
microsoft word_viewer 2003


To clipboard 

{
  "cisaActionDue": "2025-09-02",
  "cisaExploitAdd": "2025-08-12",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Office Excel Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D7BA07-3BCA-41CF-B5D3-341E912650A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DFFFF4-EA09-48C5-A600-A62C1A1A7360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:access:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4AE5AF-C83E-4802-B75C-0058742A4997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CE1A1218-8033-4F3C-B8D7-7D1D61A273E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C6629C-BF53-49A1-B32C-A828CA0A0500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "6548F837-A687-4EEF-B754-DAA834B34FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C79FEE1-70A3-4A48-BE7B-0D18F0A5FA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "345BC07E-1558-4C27-BF1A-C13547D175FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BA88A3-A31F-4F90-8913-67D5BC00E72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52F17AB-2C87-4C1A-91B5-267ABBCF5844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6EAE0-5A8F-4A97-950B-879379A3C0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "794FCFBF-2D55-4ECE-825E-180616DB35FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "6F0EF69E-52BA-4D7C-B470-CB4A92DA7EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EFAEFE-2BDE-4111-91F5-E9F75ADFA920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "95648599-D3B3-4043-821C-D385FB7A77CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ED878A-CFC5-4FD5-A403-EB16CC4F8BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "617E8BE3-8AD0-42FC-BDEE-6B1F120AE512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "511E22C6-DB04-44A0-906D-F432DD42CA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBFF713-0884-43BF-9AB8-777664FD64AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D90B1E1-23CD-4595-AD78-DA1758E9896D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "379C2A4A-78EF-473D-954B-F5DD76C3D6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Microsoft Excel 2000, XP, 2003 y 2004 para Mac, y posiblemente otros productos de Office, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de vectores de ataque desconocidos, como es demostrado por el archivo Exploit-MSExcel.h en ataques de d\u00eda cero dirigidos."
    }
  ],
  "id": "CVE-2007-0671",
  "lastModified": "2025-10-22T01:15:32.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2007-02-03T01:28:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/31901"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24008"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1017584"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://vil.nai.com/vil/content/v_141393.htm"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.avertlabs.com/research/blog/?p=191"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/613740"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/22383"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0463"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://vil.nai.com/vil/content/v_141393.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.avertlabs.com/research/blog/?p=191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/613740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/932553.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.