Vulnerability 13500 - CERT Civis.Net

Vulnerability Name:

CCN-13500

Published:

2003-10-03

Updated:

2003-10-03

Summary:

Microsoft Word is vulnerable to a denial of service. By creating a specially-crafted Word document with a modified memory structure, a remote attacker could cause memory corruption and possibly execute arbitrary code on the system, once the victim opens the document.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Vuln-Dev Mailing List, Fri Oct 03 2003 - 13:15:47 CDT
Bug in Microsoft Word

Source: CCN
Type: BID-8761
Microsoft Word Malformed Document Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
word-document-dos(13500)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:microsoft:word:97:*:*:*:*:*:*:*

OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:word:98:::ja:*:*:*:*

OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK