Buffer Overflow Vulnerability in Microsoft Word 6.0 Converter for Windows
CVE-2004-0901

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows Xp; Windows 2003 Server; Windows 2000
Vendor: CVE Published:; 10 January 2005

Summary

The Microsoft Word for Windows 6.0 Converter component improperly validates data lengths during font conversion. This vulnerability could allow remote attackers to execute arbitrary code by sending specially crafted .wri, .rtf, or .doc files via email or from malicious websites, effectively compromising systems using affected versions of Word and WordPad.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.ciac.org/ciac/bulletins/p-055.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 10, 2005
Vulnerability Reserved
Sep 22, 2004