Overview
A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to Microsoft Office XP software. Please note that customers using Microsoft ISA 2004 as their web proxy are at less risk because ISA 2004 rejects the URL in question by default when handling proxy client requests. For more information about this issue including the versions of Office affected and remediation techniques, please see MS05-005. |
Impact
If a remote attacker can persuade a user to access a specially crafted HTML file or hyperlink using a vulnerable Office application, that attacker may be able to execute arbitrary code. |
Solution
Apply Patch |
Do Not Access Unsolicited HTML Files or Click Unsolicited Hyperlinks |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin MS05-005. Microsoft credits Rafel Ivgi for providing information regarding this vulnerability.
This document was written by Jeff Gennari based on information from Microsoft Security Bulletin MS05-005.
Other Information
| CVE IDs: | CVE-2004-0848 |
| Severity Metric: | 14.63 |
| Date Public: | 2005-02-08 |
| Date First Published: | 2005-02-09 |
| Date Last Updated: | 2005-02-09 18:52 UTC |
| Document Revision: | 28 |