CVE-2007-6329

medium Microsoft
CVSS v3 Base Score
6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS Score
24.2%
Exploitation probability in 30 days
Top 4% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
None
Published: December 13, 2007 (6726 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.

CWE

CWE-255

Affected Products

microsoft office

References

🔗 osvdb.org 🔗 securityreason.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com