PT-2007-7196 · Microsoft · Office
Published
2007-12-13
·
Updated
2018-10-15
·
CVE-2007-6329
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Office versions 12.0.6015.5000 through 12.0.6017.5000
Description
The issue allows remote attackers to modify certain metadata fields in Office Open XML (OOXML) documents. This is demonstrated by the ability to alter the
LastModifiedBy and creator fields in docProps/core.xml within the OOXML ZIP container.Recommendations
For versions 12.0.6015.5000 through 12.0.6017.5000, consider updating to a newer version that properly signs the metadata of OOXML documents to prevent unauthorized modifications.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Office