Microsoft Office XP URL buffer overflow

ms-url-bo (19107)

High Risk

Description:

Microsoft Office XP and other products could allow a remote attacker to execute arbitrary code, caused by a buffer overflow in the process that passes URL file locations to the Office XP software. A remote attacker could send a specially-crafted URL request to overflow a buffer and execute arbitrary code on the system, with privileges of the victim. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.

Platforms Affected:

• Microsoft, Office XP SP3
• Microsoft, Office XP SP2
• Microsoft, PowerPoint 2002
• Microsoft, Project 2002
• Microsoft, Visio 2002
• Microsoft, Word 2002
• Microsoft, Works 2002
• Microsoft, Works 2003
• Microsoft, Works 2004

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-005. See References.

Consequences:

Gain Access

References:

• CIAC Information Bulletin P-130, Microsoft Vulnerability in Microsoft Office XP at http://www.ciac.org/ciac/bulletins/p-130.shtml.
• Microsoft Security Bulletin MS05-005, Vulnerability in Microsoft Office XP could lead to Buffer Overrun (873352) at http://www.microsoft.com/technet/security/Bulletin/MS05-005.mspx.
• BID-12480: Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability
• CVE-2004-0848: Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) %00 (null byte) in .doc filenames or (2) %0a (carriage return) in .rtf filenames.
• US-CERT VU#416001: Microsoft Office XP contains buffer overflow vulnerability

Reported:

Feb 08, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page