⚠️ CISA Known Exploited Vulnerability
Active ThreatThis vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2007-0671
High CISA KEV
Low
Medium
High
Critical
8.8
CVSS Score
Vulnerability Description
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
34 configuration(s) from 1 vendor(s)
excel
Version:
2002
CPE:
cpe:2.3:a:microsoft:excel:2002:gold:*:*:*:*:*:*
powerpoint
Version:
2000
CPE:
cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*
excel
Version:
2000
CPE:
cpe:2.3:a:microsoft:excel:2000:gold:*:*:*:*:*:*
word
Version:
2003
CPE:
cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
excel
Version:
2003
CPE:
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
word
Version:
2002
CPE:
cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
publisher
Version:
2000
CPE:
cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*
powerpoint
Version:
2003
CPE:
cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*
access
Version:
2003
CPE:
cpe:2.3:a:microsoft:access:2003:sp1:*:*:*:*:*:*
office
Version:
2004
CPE:
cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*
frontpage
Version:
2002
CPE:
cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*
project
Version:
2002
CPE:
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
project
Version:
2000
CPE:
cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*
project
Version:
2003
CPE:
cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
publisher
Version:
2003
CPE:
cpe:2.3:a:microsoft:publisher:2003:sp3:*:*:*:*:*:*
outlook
Version:
2002
CPE:
cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*
onenote
Version:
2003
CPE:
cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*
outlook
Version:
2000
CPE:
cpe:2.3:a:microsoft:outlook:2000:sp4:*:*:*:*:*:*
frontpage
Version:
2003
CPE:
cpe:2.3:a:microsoft:frontpage:2003:sp3:*:*:*:*:*:*
visio
Version:
2003
CPE:
cpe:2.3:a:microsoft:visio:2003:*:*:*:professional:*:*:*
office
Version:
2003
CPE:
cpe:2.3:a:microsoft:office:2003:sp2:*:pt:*:*:*:*
excel_viewer
Version:
2003
CPE:
cpe:2.3:a:microsoft:excel_viewer:2003:-:*:*:*:*:*:*
word
Version:
2000
CPE:
cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*
word_viewer
Version:
2003
CPE:
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
publisher
Version:
2002
CPE:
cpe:2.3:a:microsoft:publisher:2002:sp3:*:*:*:*:*:*
access
Version:
2000
CPE:
cpe:2.3:a:microsoft:access:2000:sr1:*:*:*:*:*:*
office
Version:
2000
CPE:
cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*
office
Version:
xp
CPE:
cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
visio
Version:
2002
CPE:
cpe:2.3:a:microsoft:visio:2002:*:*:*:professional:*:*:*
access
Version:
2002
CPE:
cpe:2.3:a:microsoft:access:2002:sp1:*:*:*:*:*:*
powerpoint
Version:
2002
CPE:
cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
infopath
Version:
2003
CPE:
cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*
outlook
Version:
2003
CPE:
cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*
frontpage
Version:
2000
CPE:
cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*
This vulnerability affects 34 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://osvdb.org/31901secure@microsoft.com Broken Link
-
http://secunia.com/advisories/24008secure@microsoft.com Vendor Advisory Broken Link
-
http://securitytracker.com/id?1017584secure@microsoft.com Broken Link
-
http://vil.nai.com/vil/content/v_141393.htmsecure@microsoft.com Broken Link
-
http://www.avertlabs.com/research/blog/?p=191secure@microsoft.com Broken Link
-
http://www.kb.cert.org/vuls/id/613740secure@microsoft.com US Government Resource
-
http://www.microsoft.com/technet/security/advisory/932553.mspxsecure@microsoft.com Vendor Advisory Broken Link
-
http://www.securityfocus.com/bid/22383secure@microsoft.com Broken Link
-
http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlsecure@microsoft.com US Government Resource Broken Link
-
http://www.vupen.com/english/advisories/2007/0463secure@microsoft.com Vendor Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015secure@microsoft.com Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32178secure@microsoft.com Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301secure@microsoft.com Broken Link
-
http://osvdb.org/31901af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
http://secunia.com/advisories/24008af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory Broken Link
-
http://securitytracker.com/id?1017584af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
http://vil.nai.com/vil/content/v_141393.htmaf854a3a-2127-422b-91ae-364da2661108 Broken Link
-
http://www.avertlabs.com/research/blog/?p=191af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
http://www.kb.cert.org/vuls/id/613740af854a3a-2127-422b-91ae-364da2661108 US Government Resource
-
http://www.microsoft.com/technet/security/advisory/932553.mspxaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory Broken Link
-
http://www.securityfocus.com/bid/22383af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlaf854a3a-2127-422b-91ae-364da2661108 US Government Resource Broken Link
-
http://www.vupen.com/english/advisories/2007/0463af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32178af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A301af854a3a-2127-422b-91ae-364da2661108 Broken Link
-
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015134c704f-9b21-4f2e-91b3-4a467353bcc0 Vendor Advisory
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-0671134c704f-9b21-4f2e-91b3-4a467353bcc0 US Government Resource
Severity Details
8.8
out of 10.0
High
CISA KEV Status
Active Exploitation
Listed in CISA's Known Exploited Vulnerabilities catalog
Key Information
- Published Date
- February 03, 2007
