CVE-2007-1203 - Remote Code Execution vulnerability in Microsoft Excel Set Font
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |

Summary
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Nessus
- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_MS_OFFICE_MAY2007.NASL
- description: The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it with Microsoft Word, Excel or another Office application.
- last seen: 2019-10-28
- modified: 2007-05-09
- plugin id: 25173
- published: 2007-05-09
- reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25173
- title: MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25173);
  script_version("1.29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

  script_cve_id(
    "CVE-2007-0035",
    "CVE-2007-0215",
    # "CVE-2007-0870", Microsoft Office 2004 for Mac not impacted
    "CVE-2007-1202",
    "CVE-2007-1203",
    "CVE-2007-1214",
    "CVE-2007-1747"
  );
  script_bugtraq_id(23760, 23779, 23780, 23804, 23826, 23836);
  script_xref(name:"MSFT", value:"MS07-023");
  script_xref(name:"MSFT", value:"MS07-024");
  script_xref(name:"MSFT", value:"MS07-025");
  script_xref(name:"MSKB", value:"934232");
  script_xref(name:"MSKB", value:"934233");
  script_xref(name:"MSKB", value:"934873");

  script_name(english:"MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)");
  script_summary(english:"Check for Office 2004 and X");

  script_set_attribute(
    attribute:"synopsis",
    value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have him open it with Microsoft Word, Excel or
another Office application."
  );
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-023");
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-024");
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-025");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/09");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_family(english:"MacOS X Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");
  exit(0);
}

include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");

if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  # Command that reads the version of the Office 2004 component plugin
  off2004 = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");

  # Run the command over SSH for a remote target, or locally otherwise
  if ( ! islocalhost() )
  {
    ret = ssh_open_connection();
    if ( ! ret ) exit(0);
    buf = ssh_cmd(cmd:off2004);
    ssh_close_connection();
  }
  else
    buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));

  # Report Office 2004 (11.x) versions older than 11.3.5
  if ( buf =~ "^11\." )
  {
    vers = split(buf, sep:'.', keep:FALSE);
    if ( (int(vers[0]) == 11 && int(vers[1]) < 3) ||
         (int(vers[0]) == 11 && int(vers[1]) == 3 && int(vers[2]) < 5 ) )
      security_hole(0);
  }
}
```
- NASL family: Windows : Microsoft Bulletins
- NASL id: SMB_NT_MS07-023.NASL
- description: The remote host is running a version of Microsoft Excel that is subject to various flaws which could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25162
- published: 2007-05-08
- reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25162
- title: MS07-023: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Oval
Field | Value |
---|---|
accepted | 2014-06-30T04:09:04.364-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. |
family | windows |
id | oval:org.mitre.oval:def:2014 |
status | accepted |
submitted | 2007-05-09T10:04:48 |
title | Excel Set Font Vulnerability |
version | 27 |
References
- http://secunia.com/advisories/25150
- http://www.osvdb.org/34394
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23779
- http://www.securitytracker.com/id?1018012
- http://www.us-cert.gov/cas/techalerts/TA07-128A.html
- http://www.vupen.com/english/advisories/2007/1708
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-023
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33914
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2014