Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6329

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-6329
Last Modified 15 Nov 2008 02:04:14
Published 13 Dec 2007 02:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6329

Summary

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.

Vulnerable Systems

Application

  • Microsoft Office 2007


References

BID - 26833

BUGTRAQ - 20071212 MS Office 2007: Digital Signature does not protect Meta-Data

OSVDB - 44938

XF - microsoftoffice-xml-weak-security(39021)

SREASON - 3443


Last Updated: 27 May 2016 10:46:28