SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#416001

Microsoft Office XP contains buffer overflow vulnerability

Overview

A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to Microsoft Office XP software. Please note that customers using Microsoft ISA 2004 as their web proxy are at less risk because ISA 2004 rejects the URL in question by default when handling proxy client requests.

For more information about this issue including the versions of Office affected and remediation techniques, please see MS05-005.

II. Impact

If a remote attacker can persuade a user to access a specially crafted HTML file or hyperlink using a vulnerable Office application, that attacker may be able to execute arbitrary code.

III. Solution

Apply Patch


Microsoft has released Microsoft Security Bulletin MS05-005 to address this issue.

Do Not Access Unsolicited HTML Files or Click Unsolicited Hyperlinks

By only accessing HTML file or clicking hyperlinks form known or trusted sources, the chances of exploitation are reduced.

Systems Affected

VendorStatusDate Updated
Microsoft CorporationVulnerable8-Feb-2005

References


http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx

Credit

This vulnerability was reported in Microsoft Security Bulletin MS05-005. Microsoft credits Rafel Ivgi for providing information regarding this vulnerability.

This document was written by Jeff Gennari based on information from Microsoft Security Bulletin MS05-005.

Other Information

Date Public02/08/2005
Date First Published02/08/2005 07:10:11 PM
Date Last Updated02/09/2005
CERT Advisory 
CVE-ID(s)CAN-2004-0848
NVD-ID(s)CAN-2004-0848
US-CERT Technical Alerts 
Metric14.63
Document Revision28

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader