ID CVE-2004-0573
Summary Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-01-20T04:01:18.900-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Dragos Prisaca
      organization G2, Inc.
    description Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
    family windows
    id oval:org.mitre.oval:def:2670
    status accepted
    submitted 2004-09-28T12:00:00.000-04:00
    title Office 2000 WordPerfect Converter Buffer Overflow
    version 10
  • accepted 2014-01-20T04:01:19.026-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    comment Microsoft Office 2003 is installed
    oval oval:org.mitre.oval:def:233
    description Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
    family windows
    id oval:org.mitre.oval:def:3311
    status accepted
    submitted 2004-09-23T12:00:00.000-04:00
    title Office 2003 WordPerfect Converter Buffer Overflow
    version 11
  • accepted 2014-01-20T04:01:19.137-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    description Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
    family windows
    id oval:org.mitre.oval:def:3333
    status accepted
    submitted 2004-09-22T12:00:00.000-04:00
    title Office XP, SP3 WordPerfect Converter Buffer Overflow
    version 9
  • accepted 2014-01-20T04:01:19.205-05:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    description Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
    family windows
    id oval:org.mitre.oval:def:4005
    status accepted
    submitted 2004-09-22T12:00:00.000-04:00
    title Office XP, SP2 WordPerfect Converter Buffer Overflow
    version 9
  • accepted 2007-11-13T12:01:18.060-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    description The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
    family windows
    id oval:org.mitre.oval:def:5021
    status accepted
    submitted 2004-10-13T12:21:00.000-04:00
    title Vulnerability in NNTP Could Allow Remote Code Execution
    version 30
refmap via4
bugtraq 20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability
cert-vn VU#449438
ms MS04-027
sectrack
  • 1011249
  • 1011250
  • 1011251
  • 1011252
secunia 12529
xf wordperfect-converter-message-bo(17306)
Last major update 30-10-2018 - 16:25
Published 28-09-2004 - 04:00
Back to Top