Buffer Overflow Vulnerability in Microsoft Office XP
CVE-2004-0848

Currently unrated

Key Information:

Vendor: Microsoft
Status: Word; Visio; Project; Powerpoint
Vendor: CVE Published:; 8 February 2005

Summary

A buffer overflow vulnerability in Microsoft Office XP can be exploited by remote attackers. This occurs through specially crafted URLs linked to document files. Specifically, attackers can execute arbitrary code via long inputs following a null byte (%00) in .doc filenames or a carriage return (%0a) in .rtf filenames. This loophole poses a significant risk for users, making it critical to apply the necessary patches and updates.

References

http://www.kb.cert.org/vuls/id/416001

third-party-advisoryx_refsource_CERT-VN

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

37% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 8, 2005
Vulnerability Reserved
Sep 8, 2004