CVE-2007-0208 : Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

Published 2007-02-13 21:28:00

Updated 2025-04-09 00:30:58

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2007-0208

Microsoft » Office » Version: 2000 Update SP3
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: XP Update SP3
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP2
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2004 MAC Edition
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2000
cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2002
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
Matching versions
Microsoft » Word » Version: 2003
cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Works » Version: 2004
cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
Matching versions
Microsoft » Works » Version: 2006
cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*
Matching versions
Microsoft » Works » Version: 2005
cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer » Version: 2003
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-0208

EPSS FAQ

57.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-0208

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-0208

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-0208

Jump to

Vulnerability Details : CVE-2007-0208

Products affected by CVE-2007-0208

Exploit prediction scoring system (EPSS) score for CVE-2007-0208

CVSS scores for CVE-2007-0208

CWE ids for CVE-2007-0208

References for CVE-2007-0208