Vulnerabilities > CVE-2004-0963 - Unspecified vulnerability in Microsoft Word 2002
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-023.NASL |
description | The remote host is running a version of Microsoft Word that could allow arbitrary code to be run. To succeed, the attacker would have to send a rogue Word file to a user of the remote computer and have it open it. Then the macros contained in the Word file would bypass the security model of Word, and would be executed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18026 |
published | 2005-04-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18026 |
title | MS05-023: Vulnerability in Word May Lead to Code Execution (890169) |
code |
|
Oval
accepted 2012-05-28T04:01:23.493-04:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. family windows id oval:org.mitre.oval:def:1795 status accepted submitted 2005-09-15T04:00:00.000-04:00 title Word 2003 Malicious .doc Buffer Overflow version 5 accepted 2012-05-28T04:01:29.768-04:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. family windows id oval:org.mitre.oval:def:2105 status accepted submitted 2005-09-15T04:00:00.000-04:00 title Word 2002 Malicious .doc Buffer Overflow version 5 accepted 2012-05-28T04:01:32.140-04:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. family windows id oval:org.mitre.oval:def:2216 status accepted submitted 2005-09-15T04:00:00.000-04:00 title Word 2000 Malicious .doc Buffer Overflow version 5 accepted 2013-02-18T04:00:19.351-05:00 class vulnerability contributors name Matthew Burton organization The MITRE Corporation name John Hoyland organization Centennial Software name Chris Wood organization Assuria Ltd. name Sharath S organization SecPod Technologies name Shane Shaffer organization G2, Inc. name Sergey Artykhov organization ALTX-SOFT
description Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. family windows id oval:org.mitre.oval:def:420 status accepted submitted 2005-09-15T04:00:00.000-04:00 title Word 2003 (wordview) Malicious .doc Buffer Overflow version 11
References
- http://marc.info/?l=bugtraq&m=109716247230733&w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-023
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17635
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1795
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2105
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A420