Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:752591
HistoryApr 12, 2005 - 12:00 a.m.

Microsoft Word contains a buffer overflow vulnerability

2005-04-1200:00:00
www.kb.cert.org
16

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.056

Percentile

93.3%

JSON

Overview

Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user.

Description

Microsoft Word contains a buffer overflow vulnerability that may be exploited by opening a maliciously-crafted word document. Successful exploitation would allow arbitrary code execution on the system with the privileges of the current user. If a user has configured applications to automatically open files, and these applications receive document data from remote sources, then this vulnerability may permit a remote attacker a vector by which to compromise the system.

For a current list of systems affected and more details regarding this vulnerability and its resolution, please see Microsoft’s Security Bulletin MS05-023. This bulletin discusses both this vulnerability and a separate buffer overflow vulnerability in Microsoft Word.

Impact

Exploitation of this vulnerability may result in the execution of code on the system with the privileges of the current user. If a remote attacker can trick a local user into opening un-trustworthy content, then the remote attacker may have code executed with the privileges of the local user.

Solution

Please see Microsoft’s Security Bulletin MS005-023 for the resolution to this vulnerability.

Do not open any content that you do not trust, or have not validated, especially content originating from remote sources such as email or web sites. Doing so may put the security and integrity of your system at risk.

Vendor Information

752591

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: April 12, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft’s Security Bulletin MS005-023 for the resolution to this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23752591 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms05-023.mspx&gt;

Acknowledgements

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2005-0558
Severity Metric: 4.81 Date Public:

Related

cvelist 1
nvd 1
cve 1
nessus 1
securityvulns 1
cvelist
cvelist
CVE-2005-0558
2005-04-13 04:00:00
nvd
nvd
CVE-2005-0558
2005-05-02 04:00:00
cve
cve
CVE-2005-0558
2005-05-02 04:00:00
nessus
nessus
MS05-023: Vulnerability in Word May Lead to Code Execution (890169)
2005-04-12 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution &#40;890169&#41;
2005-04-13 00:00:00

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.056

Percentile

93.3%

JSON
Related for VU:752591
cvelist1nvd1cve1nessus1securityvulns1