Vulnerabilities > CVE-2005-0564 - Unspecified vulnerability in Microsoft Word 2000/2002
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-035.NASL |
description | The remote host is running a version of Microsoft Word that is subject to a flaw that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue Word file to a user of the remote computer and have him open it. Then a bug in the font parsing handler would result in code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18679 |
published | 2005-07-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18679 |
title | MS05-035: Vulnerability in Word May Lead to Code Execution (903672) |
code |
|
Oval
accepted 2012-05-28T04:00:10.941-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Brendan Miles organization The MITRE Corporation name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. family windows id oval:org.mitre.oval:def:1190 status accepted submitted 2005-07-21T04:00:00.000-04:00 title Microsoft Word 2002 Font Parsing Vulnerability version 7 accepted 2012-05-28T04:00:28.805-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. family windows id oval:org.mitre.oval:def:1331 status accepted submitted 2005-07-21T12:00:00.000-04:00 title Microsoft Word 2000 Font Parsing Vulnerability version 6
References
- http://www.idefense.com/application/poi/display?id=281&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/218621
- http://www.us-cert.gov/cas/techalerts/TA05-193A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-035
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1190
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1331