CVE-2004-0848: Buffer Overflow
First published: Tue Feb 08 2005(Updated: )
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | ||
| Microsoft Office | =xp-sp1 | |
| Microsoft Office | =xp-sp2 | |
| Microsoft Office | =xp-sp3 | |
| Microsoft PowerPoint 2010 | =2002 | |
| Microsoft PowerPoint 2010 | =2002-sp1 | |
| Microsoft PowerPoint 2010 | =2002-sp2 | |
| Microsoft PowerPoint 2010 | =2002-sp3 | |
| Microsoft Project 2013 | =2002 | |
| Microsoft Project 2013 | =2002-sp1 | |
| Microsoft Visio Standard | =2002 | |
| Microsoft Visio Standard | =2002-sp1 | |
| Microsoft Visio Standard | =2002-sp2 | |
| Microsoft Visio Standard | =2002-sp2 | |
| Microsoft Visio Standard | =2002-sp2 | |
| Microsoft Office Word | =2002 | |
| Microsoft Office Word | =2002-sp1 | |
| Microsoft Office Word | =2002-sp2 | |
| Microsoft Office Word | =2002-sp3 | |
| Microsoft Works Suite | =2002 | |
| Microsoft Works Suite | =2003 | |
| Microsoft Works Suite | =2004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/416001
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19107
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022
Frequently Asked Questions
What is the severity of CVE-2004-0848?
CVE-2004-0848 has been rated as high severity due to the potential for remote code execution.
How do I fix CVE-2004-0848?
To fix CVE-2004-0848, you should apply the latest security updates provided by Microsoft for affected software.
Which versions of Microsoft software are affected by CVE-2004-0848?
CVE-2004-0848 affects Microsoft Office XP, Microsoft Word, Microsoft Visio, Microsoft PowerPoint, and Microsoft Project versions 2002.
What are the attack vectors for CVE-2004-0848?
CVE-2004-0848 can be exploited via crafted .doc or .rtf files containing long inputs terminated with a null byte or carriage return.
Can CVE-2004-0848 be exploited remotely?
Yes, CVE-2004-0848 allows remote attackers to execute arbitrary code through maliciously crafted files.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- agent/softwarecombine
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/xp-sp1
- version/microsoft office/xp-sp2
- version/microsoft office/xp-sp3
- canonical/microsoft powerpoint 2010
- version/microsoft powerpoint 2010/2002
- version/microsoft powerpoint 2010/2002-sp1
- version/microsoft powerpoint 2010/2002-sp2
- version/microsoft powerpoint 2010/2002-sp3
- canonical/microsoft project 2013
- version/microsoft project 2013/2002
- version/microsoft project 2013/2002-sp1
- canonical/microsoft visio standard
- version/microsoft visio standard/2002
- version/microsoft visio standard/2002-sp1
- version/microsoft visio standard/2002-sp2
- canonical/microsoft office word
- version/microsoft office word/2002
- version/microsoft office word/2002-sp1
- version/microsoft office word/2002-sp2
- version/microsoft office word/2002-sp3
- canonical/microsoft works suite
- version/microsoft works suite/2002
- version/microsoft works suite/2003
- version/microsoft works suite/2004