CVE-2007-2496

Name of the Vulnerable Software and Affected Versions WordViewer.ocx version 3.2.0.5

Description The issue allows remote attackers to cause a denial of service, specifically an Internet Explorer 7 crash, by exploiting the WordOCX ActiveX control in WordViewer.ocx. This can be achieved through a long value in various properties, including DoOleCommand, FTPDownloadFile, FTPUploadFile, HttpUploadFile, GotoPage, Save, SaveWebFile, HttpDownloadFile, Open, OpenWebFile, SaveAs, or ShowWordStandardDialog.

Recommendations For WordViewer.ocx version 3.2.0.5, consider restricting the use of the WordOCX ActiveX control to minimize the risk of exploitation. As a temporary workaround, avoid using long property values in the affected properties until a patch is available.