Описание
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
Ссылки
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2002:sp2:professional:*:*:*:*:*
cpe:2.3:a:microsoft:visio:2002:sp2:standard:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.42122
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
EPSS
Процентиль: 97%
0.42122
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other