Oval Definition:oval:org.mitre.oval:def:7286
Revision Date:2014-08-18Version:73
Title:COM Validation Vulnerability
Description:Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-1263
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office XP
Microsoft PowerPoint 2003
Microsoft PowerPoint 2007
Microsoft Publisher 2003
Microsoft Publisher 2007
Microsoft Visio 2003
Microsoft Visio 2007
Microsoft Word 2003
Microsoft Word 2007
Microsoft Wordpad
Definition Synopsis
  • Microsoft Office XP is installed
  • OR Microsoft Office 2007
  • Microsoft Office 2007 is installed
  • AND Mso.dll version is less than 12.0.6535.5002
  • OR Microsoft Office 2003
  • Microsoft Office 2003 is installed
  • AND Mso.dll version is less than 11.0.8324.0
  • OR Word 2007
  • Microsoft Word 2007 is installed
  • AND the version of Winword.exe is less than 12.0.6535.5000
  • OR Word 2003
  • Microsoft Word 2003 is installed
  • AND the version of Winword.exe is less than 11.0.8324.0
  • OR Microsoft Office Visio 2007
  • Microsoft Office Visio 2007 is installed
  • AND Vislib.dll version is less than 12.0.6535.5002
  • OR Microsoft Office Visio 2003
  • Microsoft Office Visio 2003 is installed
  • AND Vislib.dll version is less than 11.0.8323.0
  • OR Microsoft PowerPoint 2007
  • Microsoft PowerPoint 2007 is installed
  • AND ppcore.dll version is less than 12.0.6535.5002
  • OR Publisher 2007
  • Microsoft Publisher 2007 is installed
  • AND the version of Mspub.exe is less than 12.0.6535.5002
  • OR Publisher 2003
  • Microsoft Publisher 2003 is installed
  • AND the version of Mspub.exe is less than 11.0.8324.0
  • OR PowerPoint 2003
  • Microsoft PowerPoint 2003 is installed
  • AND Powerpnt.exe is less than version 11.0.8324.0
  • OR Vulnerable Excel 2003
  • Microsoft Excel 2003 is installed
  • AND Excel.exe version is less than 11.0.8324.0
  • OR Vulnerable Excel 2007
  • Microsoft Excel 2007 is installed
  • AND Excel.exe version is less than 12.0.6524.5003
  • OR Vulnerable Windows XP x86 SP3
  • Microsoft Windows XP (32-bit) is installed
  • AND the version of wordpad.exe is less than 5.1.2600.6010
  • OR Vulnerable Windows XP x64, Server 2003 x86/x64/ia64
  • XP x64 or 2003 x86\x64\ia64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND the version of wordpad.exe is less than 5.2.3790.4750
  • OR Vulnerable Microsoft Windows Vista x86/x64, Server 2008 32bit/x64/ia64
  • Vista x86\x64 or 2008 x86\x64\ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND GDR or LDR Service branch
  • the version of wordpad.exe is less than 6.0.6001.18498
  • OR The version of Msshsq.dll is less than 6.0.6001.18470
  • OR LDR
  • the version of wordpad.exe is greater than or equal to 6.0.6001.22000
  • AND the version of wordpad.exe is less than 6.0.6001.22720
  • OR LDR
  • The version of Msshsq.dll is greater than or equal to 6.0.6001.22000
  • AND The version of Msshsq.dll is less than 6.0.6001.22685
  • OR Vulnerable Microsoft Windows Vista x86/x64, Server 2008 32bit/x64/ia64
  • Vista x86\x64 or 2008 x86\x64\ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND GDR or LDR Service branch
  • the version of wordpad.exe is less than 6.0.6002.18277
  • OR The version of Msshsq.dll is less than 7.0.6002.18255
  • OR LDR
  • the version of wordpad.exe is greater than or equal to 6.0.6002.22000
  • AND the version of wordpad.exe is less than 6.0.6002.22433
  • OR LDR
  • The version of Msshsq.dll is greater than or equal to 7.0.6002.22000
  • AND The version of Msshsq.dll is less than 7.0.6002.22398
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/ia64
  • 7 x86\x64 or 2008R2 x64\ia64
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND GDR or LDR Service branch
  • the version of wordpad.exe is less than 6.1.7600.16624
  • OR the version of Structuredquery.dll version is less than 7.0.7600.16587
  • OR LDR
  • the version of wordpad.exe is greater than or equal to 6.1.7600.20000
  • AND the version of wordpad.exe is less than 6.1.7600.20744
  • OR LDR
  • the version of Structuredquery.dll is greater than or equal to 7.0.7600.20000
  • AND The version of Structuredquery.dll is less than 7.0.7600.20707
  • BACK