cvelistv5 - cve-2007-1754

CVE-2007-1754 (GCVE-0-2007-1754)

Vulnerability from cvelistv5 – Published: 2007-07-10 22:00 – Updated: 2024-08-07 13:06

Summary

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://archive.cert.uni-stuttgart.de/bugtraq/2007…	vendor-advisoryx_refsource_HP
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id?1018353	vdb-entryx_refsource_SECTRACK
	http://research.eeye.com/html/advisories/publishe…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/2479	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/25988	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/35953	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/473309/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:26.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT071446",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
          },
          {
            "name": "MS07-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
          },
          {
            "name": "1018353",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018353"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
          },
          {
            "name": "ADV-2007-2479",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2479"
          },
          {
            "name": "oval:org.mitre.oval:def:1871",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
          },
          {
            "name": "TA07-191A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
          },
          {
            "name": "25988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25988"
          },
          {
            "name": "35953",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35953"
          },
          {
            "name": "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "SSRT071446",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
        },
        {
          "name": "MS07-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
        },
        {
          "name": "1018353",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018353"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
        },
        {
          "name": "ADV-2007-2479",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2479"
        },
        {
          "name": "oval:org.mitre.oval:def:1871",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
        },
        {
          "name": "TA07-191A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
        },
        {
          "name": "25988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25988"
        },
        {
          "name": "35953",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35953"
        },
        {
          "name": "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1754",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT071446",
              "refsource": "HP",
              "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
            },
            {
              "name": "MS07-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
            },
            {
              "name": "1018353",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018353"
            },
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070710.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
            },
            {
              "name": "ADV-2007-2479",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2479"
            },
            {
              "name": "oval:org.mitre.oval:def:1871",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
            },
            {
              "name": "TA07-191A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
            },
            {
              "name": "25988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25988"
            },
            {
              "name": "35953",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35953"
            },
            {
              "name": "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-1754",
    "datePublished": "2007-07-10T22:00:00",
    "dateReserved": "2007-03-29T00:00:00",
    "dateUpdated": "2024-08-07T13:06:26.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"190A4DF4-EA93-4E18-BA96-7A7AC48831F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \\\"Publisher Invalid Memory Reference Vulnerability\\\".\"}, {\"lang\": \"es\", \"value\": \"La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del disco a la memoria, lo que permite a los atacantes remotos asistidos por el usuario ejecutar c\\u00f3digo arbitrario por medio de una p\\u00e1gina .pub malformada mediante un valor negativo determinado, que omite un procedimiento de saneamiento que inicializa punteros cr\\u00edticos a NULL, tambi\\u00e9n se conoce como la \\\"Publisher Invalid Memory Reference Vulnerability\\u201d.\"}]",
      "id": "CVE-2007-1754",
      "lastModified": "2024-11-21T00:29:04.740",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-07-10T22:30:00.000",
      "references": "[{\"url\": \"http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/35953\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://research.eeye.com/html/advisories/published/AD20070710.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/25988\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/473309/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018353\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-191A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2479\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/35953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://research.eeye.com/html/advisories/published/AD20070710.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/473309/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-191A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2479\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1754\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-07-10T22:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \\\"Publisher Invalid Memory Reference Vulnerability\\\".\"},{\"lang\":\"es\",\"value\":\"La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del disco a la memoria, lo que permite a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de una p\u00e1gina .pub malformada mediante un valor negativo determinado, que omite un procedimiento de saneamiento que inicializa punteros cr\u00edticos a NULL, tambi\u00e9n se conoce como la \\\"Publisher Invalid Memory Reference Vulnerability\u201d.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"190A4DF4-EA93-4E18-BA96-7A7AC48831F0\"}]}]}],\"references\":[{\"url\":\"http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/35953\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://research.eeye.com/html/advisories/published/AD20070710.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/25988\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/473309/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018353\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-191A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2479\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/35953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://research.eeye.com/html/advisories/published/AD20070710.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/473309/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-191A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2479\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-292

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans l'application Publisher 2007, un composant disponible avec la suite bureautique Microsoft Office 2007.

Cette dernière n'effacerait pas de manière satisfaisante les ressources en mémoire, au cours de l'opération d'écriture de données entre le disque et la mémoire. Plus précisément, l'erreur proviendrait de la bibliothèque de conversion PUBCONV.DLL utilisée par Publisher pour « convertir » des documents produits par des versions antérieures de Publisher.

Une personne malveillante pourrait donc construire une page .pub particulière, exploitant cette vulnérabilité. A l'ouverture de cette page sur un système vulnérable, du code arbitraire pourrait être exécuter à l'insu de l'utilisateur.

Solution

Se référer au bulletin de sécurité MS07-037 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Vulnérabilité de Microsoft Office Publisher 2007 dans la suite bureautique Microsoft Office 2007.

Les versions précédentes de l'application ne seraient pas affectées par cette vulnérabilité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-037 du 10 juillet 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eVuln\u00e9rabilit\u00e9 de Microsoft Office Publisher 2007 dans la    suite bureautique Microsoft Office 2007.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes versions pr\u00e9c\u00e9dentes de l\u0027application ne seraient pas  affect\u00e9es par cette vuln\u00e9rabilit\u00e9.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027application Publisher 2007, un\ncomposant disponible avec la suite bureautique Microsoft Office 2007.\n\nCette derni\u00e8re n\u0027effacerait pas de mani\u00e8re satisfaisante les ressources\nen m\u00e9moire, au cours de l\u0027op\u00e9ration d\u0027\u00e9criture de donn\u00e9es entre le\ndisque et la m\u00e9moire. Plus pr\u00e9cis\u00e9ment, l\u0027erreur proviendrait de la\nbiblioth\u00e8que de conversion PUBCONV.DLL utilis\u00e9e par Publisher pour \u00ab\nconvertir \u00bb des documents produits par des versions ant\u00e9rieures de\nPublisher.\n\nUne personne malveillante pourrait donc construire une page .pub\nparticuli\u00e8re, exploitant cette vuln\u00e9rabilit\u00e9. A l\u0027ouverture de cette\npage sur un syst\u00e8me vuln\u00e9rable, du code arbitraire pourrait \u00eatre\nex\u00e9cuter \u00e0 l\u0027insu de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-037 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1754"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-292",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft Office Publisher 2007",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-037 du 10 juillet 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-037.mspx"
    }
  ]
}

CERTA-2007-AVI-292

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité a été identifiée dans l'application Publisher 2007, un composant disponible avec la suite bureautique Microsoft Office 2007.

Solution

Se référer au bulletin de sécurité MS07-037 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Vulnérabilité de Microsoft Office Publisher 2007 dans la suite bureautique Microsoft Office 2007.

Les versions précédentes de l'application ne seraient pas affectées par cette vulnérabilité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-037 du 10 juillet 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eVuln\u00e9rabilit\u00e9 de Microsoft Office Publisher 2007 dans la    suite bureautique Microsoft Office 2007.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes versions pr\u00e9c\u00e9dentes de l\u0027application ne seraient pas  affect\u00e9es par cette vuln\u00e9rabilit\u00e9.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027application Publisher 2007, un\ncomposant disponible avec la suite bureautique Microsoft Office 2007.\n\nCette derni\u00e8re n\u0027effacerait pas de mani\u00e8re satisfaisante les ressources\nen m\u00e9moire, au cours de l\u0027op\u00e9ration d\u0027\u00e9criture de donn\u00e9es entre le\ndisque et la m\u00e9moire. Plus pr\u00e9cis\u00e9ment, l\u0027erreur proviendrait de la\nbiblioth\u00e8que de conversion PUBCONV.DLL utilis\u00e9e par Publisher pour \u00ab\nconvertir \u00bb des documents produits par des versions ant\u00e9rieures de\nPublisher.\n\nUne personne malveillante pourrait donc construire une page .pub\nparticuli\u00e8re, exploitant cette vuln\u00e9rabilit\u00e9. A l\u0027ouverture de cette\npage sur un syst\u00e8me vuln\u00e9rable, du code arbitraire pourrait \u00eatre\nex\u00e9cuter \u00e0 l\u0027insu de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-037 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1754"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-292",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft Office Publisher 2007",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-037 du 10 juillet 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-037.mspx"
    }
  ]
}

FKIE_CVE-2007-1754

Vulnerability from fkie_nvd - Published: 2007-07-10 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
secure@microsoft.com	http://osvdb.org/35953
secure@microsoft.com	http://research.eeye.com/html/advisories/published/AD20070710.html
secure@microsoft.com	http://secunia.com/advisories/25988	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/473309/100/0/threaded
secure@microsoft.com	http://www.securitytracker.com/id?1018353
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/2479	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871
af854a3a-2127-422b-91ae-364da2661108	http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35953
af854a3a-2127-422b-91ae-364da2661108	http://research.eeye.com/html/advisories/published/AD20070710.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25988	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/473309/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018353
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2479	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871

Impacted products

	Vendor	Product	Version
	microsoft	publisher	2007

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "190A4DF4-EA93-4E18-BA96-7A7AC48831F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
    },
    {
      "lang": "es",
      "value": "La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del disco a la memoria, lo que permite a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de una p\u00e1gina .pub malformada mediante un valor negativo determinado, que omite un procedimiento de saneamiento que inicializa punteros cr\u00edticos a NULL, tambi\u00e9n se conoce como la \"Publisher Invalid Memory Reference Vulnerability\u201d."
    }
  ],
  "id": "CVE-2007-1754",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-10T22:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35953"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25988"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018353"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2479"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-1754

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1754

Aliases

CVE-2007-1754

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1754",
    "description": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\".",
    "id": "GSD-2007-1754"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1754"
      ],
      "details": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\".",
      "id": "GSD-2007-1754",
      "modified": "2023-12-13T01:21:39.529258Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-1754",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SSRT071446",
            "refsource": "HP",
            "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
          },
          {
            "name": "MS07-037",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
          },
          {
            "name": "1018353",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018353"
          },
          {
            "name": "http://research.eeye.com/html/advisories/published/AD20070710.html",
            "refsource": "MISC",
            "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
          },
          {
            "name": "ADV-2007-2479",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2479"
          },
          {
            "name": "oval:org.mitre.oval:def:1871",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
          },
          {
            "name": "TA07-191A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
          },
          {
            "name": "25988",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25988"
          },
          {
            "name": "35953",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35953"
          },
          {
            "name": "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:publisher:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1754"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070710.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
            },
            {
              "name": "SSRT071446",
              "refsource": "HP",
              "tags": [],
              "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
            },
            {
              "name": "TA07-191A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
            },
            {
              "name": "1018353",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018353"
            },
            {
              "name": "25988",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25988"
            },
            {
              "name": "ADV-2007-2479",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2479"
            },
            {
              "name": "35953",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35953"
            },
            {
              "name": "oval:org.mitre.oval:def:1871",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
            },
            {
              "name": "MS07-037",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
            },
            {
              "name": "20070710 EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:40Z",
      "publishedDate": "2007-07-10T22:30Z"
    }
  }
}

GHSA-7CHC-JMHV-G4M2

Vulnerability from github – Published: 2022-05-01 17:56 – Updated: 2022-05-01 17:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1754"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-10T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the \"Publisher Invalid Memory Reference Vulnerability\".",
  "id": "GHSA-7chc-jmhv-g4m2",
  "modified": "2022-05-01T17:56:46Z",
  "published": "2022-05-01T17:56:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1754"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871"
    },
    {
      "type": "WEB",
      "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35953"
    },
    {
      "type": "WEB",
      "url": "http://research.eeye.com/html/advisories/published/AD20070710.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25988"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/473309/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018353"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2479"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1754 (GCVE-0-2007-1754)

CERTA-2007-AVI-292

Description

Solution

CERTA-2007-AVI-292

Description

Solution

FKIE_CVE-2007-1754

GSD-2007-1754

GHSA-7CHC-JMHV-G4M2

Tags

Sightings

Nomenclature