CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.5%
A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system.
Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to Microsoft Office XP software. Please note that customers using Microsoft ISA 2004 as their web proxy are at less risk because ISA 2004 rejects the URL in question by default when handling proxy client requests.
For more information about this issue including the versions of Office affected and remediation techniques, please see MS05-005.
If a remote attacker can persuade a user to access a specially crafted HTML file or hyperlink using a vulnerable Office application, that attacker may be able to execute arbitrary code.
Apply Patch
Microsoft has released Microsoft Security Bulletin MS05-005 to address this issue.
Do Not Access Unsolicited HTML Files or Click Unsolicited Hyperlinks
By only accessing HTML file or clicking hyperlinks form known or trusted sources, the chances of exploitation are reduced.
416001
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 08, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft Security Bulletin MS05-005.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23416001 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx>
This vulnerability was reported in Microsoft Security Bulletin MS05-005. Microsoft credits Rafel Ivgi for providing information regarding this vulnerability.
This document was written by Jeff Gennari based on information from Microsoft Security Bulletin MS05-005.
CVE IDs: | CVE-2004-0848 |
---|---|
Severity Metric: | 14.63 Date Public: |