Overview
Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user.
Description
Microsoft Word contains a buffer overflow vulnerability that may be exploited by opening a maliciously-crafted word document. Successful exploitation would allow arbitrary code execution on the system with the privileges of the current user. If a user has configured applications to automatically open files, and these applications receive document data from remote sources, then this vulnerability may permit a remote attacker a vector by which to compromise the system. For a current list of systems affected and more details regarding this vulnerability and its resolution, please see Microsoft's Security Bulletin MS05-023. This bulletin discusses both this vulnerability and a separate buffer overflow vulnerability in Microsoft Word. |
Impact
Exploitation of this vulnerability may result in the execution of code on the system with the privileges of the current user. If a remote attacker can trick a local user into opening un-trustworthy content, then the remote attacker may have code executed with the privileges of the local user. |
Solution
Please see Microsoft's Security Bulletin MS005-023 for the resolution to this vulnerability. |
Do not open any content that you do not trust, or have not validated, especially content originating from remote sources such as email or web sites. Doing so may put the security and integrity of your system at risk. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Microsoft for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | CVE-2005-0558 |
| Severity Metric: | 4.81 |
| Date Public: | 2005-04-12 |
| Date First Published: | 2005-04-12 |
| Date Last Updated: | 2005-04-14 14:08 UTC |
| Document Revision: | 6 |