VDB
CVE-2004-0848
CVE-2004-0848
PUBLISHED
CVSS 7.5 HIGH
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
EPSS 43.04% · 97.6th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
43.04%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | powerpoint | 2002, 2002, 2002 |
| microsoft | works | 2002, 2004, 2003 |
| n/a | n/a | n/a |
| microsoft | visio | 2002, 2002, 2002 |
| microsoft | office | *, xp, xp |
| microsoft | word | 2002, 2002, 2002 |
| microsoft | project | 2002, 2002 |
Timeline
- Feb 8, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- VU#416001 third-party-advisory
- MS05-005 vendor-advisory
- oval:org.mitre.oval:def:2738 vdb
- oval:org.mitre.oval:def:2348 vdb
- TA05-039A third-party-advisory
- oval:org.mitre.oval:def:4022 vdb
- ms-url-bo(19107) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0848 advisory