Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:416001
HistoryFeb 09, 2005 - 12:00 a.m.

Microsoft Office XP contains buffer overflow vulnerability

2005-02-0900:00:00
www.kb.cert.org
7

0.559 Medium

EPSS

Percentile

97.7%

JSON

Overview

A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to Microsoft Office XP software. Please note that customers using Microsoft ISA 2004 as their web proxy are at less risk because ISA 2004 rejects the URL in question by default when handling proxy client requests.

For more information about this issue including the versions of Office affected and remediation techniques, please see MS05-005.

Impact

If a remote attacker can persuade a user to access a specially crafted HTML file or hyperlink using a vulnerable Office application, that attacker may be able to execute arbitrary code.

Solution

Apply Patch

Microsoft has released Microsoft Security Bulletin MS05-005 to address this issue.

Do Not Access Unsolicited HTML Files or Click Unsolicited Hyperlinks

By only accessing HTML file or clicking hyperlinks form known or trusted sources, the chances of exploitation are reduced.

Vendor Information

416001

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: February 08, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS05-005.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23416001 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx&gt;

Acknowledgements

This vulnerability was reported in Microsoft Security Bulletin MS05-005. Microsoft credits Rafel Ivgi for providing information regarding this vulnerability.

This document was written by Jeff Gennari based on information from Microsoft Security Bulletin MS05-005.

Other Information

CVE IDs: CVE-2004-0848
Severity Metric: 14.63 Date Public:

Related

securityvulns 1
checkpoint_advisories 1
nessus 1
cve 1
cvelist 1
securityvulns
securityvulns
Microsoft Security Bulletin MS05-005 Vulnerability in Microsoft Office XP could allow Remote Code Execution &#40;873352&#41;
2005-02-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Long HTML Link Processing Buffer Overflow - Ver2 (CVE-2004-0848)
2015-05-18 00:00:00
nessus
nessus
MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
2005-02-09 00:00:00
cve
cve
CVE-2004-0848
2005-02-08 05:00:00
cvelist
cvelist
CVE-2004-0848
2005-02-08 05:00:00

0.559 Medium

EPSS

Percentile

97.7%

JSON
Related for VU:416001
securityvulns1checkpoint_advisories1nessus1cve1cvelist1