Microsoft Office XP URL buffer overflow

ms-url-bo (19107) The risk level is classified as HighHigh Risk

Description:

Microsoft Office XP and other products could allow a remote attacker to execute arbitrary code, caused by a buffer overflow in the process that passes URL file locations to the Office XP software. A remote attacker could send a specially-crafted URL request to overflow a buffer and execute arbitrary code on the system, with privileges of the victim. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.


Consequences:

Gain Access

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-005. See References.

References:

  • CIAC Information Bulletin P-130: Microsoft Vulnerability in Microsoft Office XP.
  • Microsoft Security Bulletin MS05-005: Vulnerability in Microsoft Office XP could lead to Buffer Overrun (873352).
  • BID-12480: Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability
  • CVE-2004-0848: Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) %00 (null byte) in .doc filenames or (2) %0a (carriage return) in .rtf filenames.
  • US-CERT VU#416001: Microsoft Office XP contains buffer overflow vulnerability

Platforms Affected:

  • Microsoft Office XP SP2
  • Microsoft Office XP SP3
  • Microsoft PowerPoint 2002
  • Microsoft Project 2002
  • Microsoft Visio 2002
  • Microsoft Word 2002
  • Microsoft Works 2002
  • Microsoft Works 2003
  • Microsoft Works 2004

Reported:

Feb 08, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page