Lucene search

MitreCVE-2004-0848

HistoryFeb 08, 2005 - 5:00 a.m.

CVE-2004-0848

2005-02-0805:00:00

mitre

web.nvd.nist.gov

cve-2004-0848

buffer overflow

microsoft office xp

remote code execution

url file location

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.482

Percentile

97.5%

JSON

Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) “%0a” (carriage return) in .rtf filenames.

Affected configurations

Nvd

Node

microsoftoffice

microsoftofficeMatchxpsp1

microsoftofficeMatchxpsp2

microsoftofficeMatchxpsp3

microsoftpowerpointMatch2002

microsoftpowerpointMatch2002sp1

microsoftpowerpointMatch2002sp2

microsoftpowerpointMatch2002sp3

microsoftprojectMatch2002

microsoftprojectMatch2002sp1

microsoftvisioMatch2002

microsoftvisioMatch2002sp1

microsoftvisioMatch2002sp2

microsoftvisioMatch2002sp2professional

microsoftvisioMatch2002sp2standard

microsoftwordMatch2002

microsoftwordMatch2002sp1

microsoftwordMatch2002sp2

microsoftwordMatch2002sp3

microsoftworksMatch2002

microsoftworksMatch2003

microsoftworksMatch2004

VendorProductVersionCPE
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
microsoftpowerpoint2002cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*
microsoftpowerpoint2002cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
microsoftpowerpoint2002cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*
microsoftpowerpoint2002cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*
microsoftproject2002cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*
microsoftproject2002cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	xp	cpe:2.3:a:microsoft:office:xp:sp1::::::
microsoft	office	xp	cpe:2.3:a:microsoft:office:xp:sp2::::::
microsoft	office	xp	cpe:2.3:a:microsoft:office:xp:sp3::::::
microsoft	powerpoint	2002	cpe:2.3:a:microsoft:powerpoint:2002:::::::*
microsoft	powerpoint	2002	cpe:2.3:a:microsoft:powerpoint:2002:sp1::::::
microsoft	powerpoint	2002	cpe:2.3:a:microsoft:powerpoint:2002:sp2::::::
microsoft	powerpoint	2002	cpe:2.3:a:microsoft:powerpoint:2002:sp3::::::
microsoft	project	2002	cpe:2.3:a:microsoft:project:2002:::::::*
microsoft	project	2002	cpe:2.3:a:microsoft:project:2002:sp1::::::

Rows per page:

1-10 of 221

References

www.kb.cert.org/vuls/id/416001

www.us-cert.gov/cas/techalerts/TA05-039A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005

exchange.xforce.ibmcloud.com/vulnerabilities/19107

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.482

Percentile

97.5%

JSON

Related for CVE-2004-0848