CVE-2004-0901

Currently unrated

Key Information:

Vendor
Microsoft
Status
Windows Nt
Windows Xp
Windows 2003 Server
Windows 2000
Vendor
CVE Published:
10 January 2005

Summary

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.ciac.org/ciac/bulletins/p-055.shtml
third-party-advisorygovernment-resourcex_refsource_CIAC

EPSS Score

51% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.