Vulnerabilities > CVE-2004-0848 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 22 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-005.NASL |
description | The remote host is running a version of Microsoft Office that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a specially crafted file to a user on the remote host and wait for him to open it using Microsoft Office. When opening the malformed file, Microsoft Office will encounter a buffer overflow which may be exploited to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16332 |
published | 2005-02-09 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16332 |
title | MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
code |
|
Oval
accepted 2007-02-20T13:40:08.188-05:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name John Hoyland organization Centennial Software name John Hoyland organization Centennial Software
description Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. family windows id oval:org.mitre.oval:def:2348 status accepted submitted 2005-03-29T12:00:00.000-04:00 title Windows Project Professional URL Buffer Overflow version 7 accepted 2005-05-04T12:33:00.000-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation description Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. family windows id oval:org.mitre.oval:def:2738 status accepted submitted 2005-03-29T12:00:00.000-04:00 title Microsoft Office Visio Professional URL Buffer Overflow version 5 accepted 2006-10-07T09:15:46.501-04:00 class vulnerability contributors name Ingrid Skoog organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation name Anna Min organization BigFix, Inc
description Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. family windows id oval:org.mitre.oval:def:4022 status accepted submitted 2005-02-10T12:00:00.000-04:00 title Office XP URL Buffer Overflow version 6
References
- http://www.kb.cert.org/vuls/id/416001
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19107
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022