CVE-2007-3678

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-3678
Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name.

7.6 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://osvdb.org/37890
http://secunia.com/advisories/25994 Vendor Advisory
http://vuln.sg/quarkxpress72-en.html Exploit
http://www.securityfocus.com/bid/24872
http://www.securitytracker.com/id?1018385
http://www.vupen.com/english/advisories/2007/2504
https://exchange.xforce.ibmcloud.com/vulnerabilities/35369
http://osvdb.org/37890
http://secunia.com/advisories/25994 Vendor Advisory
http://vuln.sg/quarkxpress72-en.html Exploit
http://www.securityfocus.com/bid/24872
http://www.securitytracker.com/id?1018385
http://www.vupen.com/english/advisories/2007/2504
https://exchange.xforce.ibmcloud.com/vulnerabilities/35369
Configurations

Configuration 1 (hide)

cpe:2.3:a:quark:quarkxpress:7.2:*:windows:*:*:*:*:*
History

21 Nov 2024, 00:33

Type Values Removed Values Added
References () http://osvdb.org/37890 - () http://osvdb.org/37890 -
References () http://secunia.com/advisories/25994 - Vendor Advisory () http://secunia.com/advisories/25994 - Vendor Advisory
References () http://vuln.sg/quarkxpress72-en.html - Exploit () http://vuln.sg/quarkxpress72-en.html - Exploit
References () http://www.securityfocus.com/bid/24872 - () http://www.securityfocus.com/bid/24872 -
References () http://www.securitytracker.com/id?1018385 - () http://www.securitytracker.com/id?1018385 -
References () http://www.vupen.com/english/advisories/2007/2504 - () http://www.vupen.com/english/advisories/2007/2504 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/35369 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/35369 -
Information

Published : 2007-07-11 16:30

Updated : 2024-11-21 00:33

NVD link : CVE-2007-3678

Mitre link : CVE-2007-3678

CVE.ORG link : CVE-2007-3678

JSON object : View

Products Affected

quark

  • quarkxpress
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer