Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities

Bugtraq ID:	23784
Class:	Unknown
CVE:	CVE-2007-2496
Remote:	Yes
Local:	No
Published:	May 03 2007 12:00AM
Updated:	Jun 24 2009 01:59PM
Credit:	shinnai is credited with the discovery of these vulnerabilities.
Vulnerable:	Office OCX Word Viewer 3.2.0.5 Office OCX Word Viewer 3.2
Not Vulnerable:

Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities

Word Viewer ActiveX control is prone to multiple denial-of-service and code-execution vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may also execute arbitrary code in the context of an affected user.

Word Viewer ActiveX Control 3.2.0.5 is reported vulnerable; other versions may also be affected.

Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities

A proof of concept is available.

NOTE: Reports indicate that one of these issues is being exploited in the wild.

• /data/vulnerabilities/exploits/Word_Viewer_ActiveX_exp.txt

Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities

References:

• Another Messy Mass Compromise Emerges (Trend Micro)
  
• Word Viewer (Office OCX)
  
• WordViewer.ocx 3.2 multiple methods DoS (shinnai)