Oval Definition:oval:org.mitre.oval:def:18246
Revision Date:2014-06-30Version:17
Title:Word Memory Corruption Vulnerability (CVE-2013-3851) - MS13-072
Description:Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-3851
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Compatibility Pack
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word Viewer
Definition Synopsis
  • word 2003/versions
  • either files
  • Check if the version of mso.dll is less than 11.0.8405
  • OR Check if the version of winword.exe is less than 11.0.8406
  • AND Microsoft Word 2003 SP3 is installed
  • OR word 2007/versions
  • either files
  • Check if the version of mso.dll is less than 12.0.6683.5000
  • OR Check if the version of winword.exe is less than 12.0.6683.5001
  • AND Microsoft Word 2007 SP3 is installed
  • OR word viewer/versions
  • Microsoft Word Viewer 2003 SP3 is installed
  • AND Check if the version of wordview is less than 11.0.8406
  • OR office compatibility pack/version
  • Check if the version of wordcnv.dll is less than 12.0.6683.5001
  • AND Microsoft Office Compatibility Pack SP3 is installed
    • BACK