Unrated severityNVD Advisory· Published May 8, 2007· Updated Apr 23, 2026

CVE-2007-1202

Description

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

Affected products

Microsoft/Word4 versions
cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2003:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2004:*:mac:*:*:*:*:*
Microsoft/Word Viewer
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
Microsoft/Works3 versions
cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

labs.idefense.com/intelligence/vulnerabilities/display.phpnvdPatch
www.securityfocus.com/bid/23836nvdPatch
www.securitytracker.com/idnvdPatch
www.vupen.com/english/advisories/2007/1709nvdVendor Advisory
www.kb.cert.org/vuls/id/555489nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA07-128A.htmlnvdUS Government Resource
www.osvdb.org/34388nvd
www.securityfocus.com/archive/1/468871/100/200/threadednvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-024nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1900nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000