CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.3%
Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user.
Microsoft Word contains a buffer overflow vulnerability that may be exploited by opening a maliciously-crafted word document. Successful exploitation would allow arbitrary code execution on the system with the privileges of the current user. If a user has configured applications to automatically open files, and these applications receive document data from remote sources, then this vulnerability may permit a remote attacker a vector by which to compromise the system.
For a current list of systems affected and more details regarding this vulnerability and its resolution, please see Microsoft’s Security Bulletin MS05-023. This bulletin discusses both this vulnerability and a separate buffer overflow vulnerability in Microsoft Word.
Exploitation of this vulnerability may result in the execution of code on the system with the privileges of the current user. If a remote attacker can trick a local user into opening un-trustworthy content, then the remote attacker may have code executed with the privileges of the local user.
Please see Microsoft’s Security Bulletin MS005-023 for the resolution to this vulnerability.
Do not open any content that you do not trust, or have not validated, especially content originating from remote sources such as email or web sites. Doing so may put the security and integrity of your system at risk.
752591
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 12, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft’s Security Bulletin MS005-023 for the resolution to this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23752591 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/ms05-023.mspx>
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2005-0558 |
---|---|
Severity Metric: | 4.81 Date Public: |