published date: February 8, 2005

CVE-2004-0848 : Buffer Overflow Vulnerability

Description

Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.

Product(s):

Microsoft Office
Microsoft Office for Android
Microsoft Office for iPhone OS
Microsoft Office for Universal
Microsoft Office 16.0.14326.21330 for Universal
Microsoft Office 16.0.14326.21606 for Universal
Microsoft Office 16.0.16026.20172 for Android
Microsoft Office 16.0.16130.20156 for Android
Microsoft Office 16.0.16827.20138 for Android
Microsoft Office 2.70.23021003 for iPhone OS
Microsoft Office 2000
Microsoft Office 2000 Japanese
Microsoft Office 2000 Korean
Microsoft Office 2000 Chinese
Microsoft Office 2000 sp1
Microsoft Office 2000 sp2
Microsoft Office 2000 sp3
Microsoft Office 2001
Microsoft Office 2001 SR1
Microsoft office_macos 2001 sr1
Microsoft Office 2002 SP3
Microsoft Office 2003
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2003 any student_teacher
Microsoft Office 2003 sp1
Microsoft Office 2003 sp2
Microsoft Office 2003 Service Pack 2 Brazilian Portuguese
Microsoft Office 2003 Service Pack 3
Microsoft Office 2004
Microsoft Office 2004 for Mac OS X
Microsoft Office 2004 for macOS
Microsoft Office 2004 Mac
Microsoft Office 2007
Microsoft Office 2007 Basic
Microsoft Office 2007 Enterprise
Microsoft Office 2007 Home and Student
Microsoft Office 2007 Mobile
Microsoft Office 2007 Professional
Microsoft Office 2007 Professional Plus
Microsoft Office 2007 Small Business
Microsoft Office 2007 Standard
Microsoft Office 2007 Ultimate
Microsoft Office 2007 Service Pack 1
Microsoft Office 2007 Professional SP1
Microsoft Office 2007 Service Pack 2
Microsoft Office 2007 Professional SP2
Microsoft Office 2007 Service Pack 3
Microsoft Office 2008 for macOS
Microsoft Office 2008 Mac
Microsoft Office 2010
Microsoft Office 2010 for x86 (32-bit Systems)
Microsoft Office 2010 Service Pack 1
Microsoft Office 2010 Service Pack 1 for 64 bit systems (x64)
Microsoft Office 2010 for x86 (32-bit Systems) Service Pack 1
Microsoft Office 2010 Service Pack 2
Microsoft Office 2010 Service Pack 2 on X64
Microsoft Office 2010 Service Pack 2 on X86
Microsoft Office 2010 Service Pack 2 for 64 bit systems (x64)
Microsoft Office 2010 Service Pack 2 for 32 bit systems (x86)
Microsoft Office 2011 Mac
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2013 Click-to-Run (C2R)
Microsoft Office 2013 RT Edition
Microsoft Office 2013 x64 (64-bit)
Microsoft Office 2013 x86 (32-bit)
Microsoft Office 2013 SP1
Microsoft Office 2013 Service Pack 1 x64 (64-bit)
Microsoft Office 2013 Service Pack 1 on X86
Microsoft Office 2013 RT SP1
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 Service Pack 1 RT Edition
Microsoft Office 2013 Service Pack 2 on X86
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office 2016 x64 (64-bit)
Microsoft Office 2016 on x86
Microsoft Office 2016 for Mac OS
Microsoft Office 2016 for Mac OS X
Microsoft Office 2016 for MacOS
Microsoft Office 2016 Click-to-Run (C2R)
Microsoft Office 2016 Click-to-Run (C2R) x64 (64-bit)
Microsoft Office 2016 MacOS Edition
Microsoft Office 2016 Mac OS Edition
Microsoft Office 2019
Microsoft Office 2019 on x64
Microsoft Office 2019 on x86
Microsoft Office 2019 for Mac OS
Microsoft Office 2019 for Mac OS X
Microsoft Office 2019 for macOS
Microsoft Office 2019 Click-to-Run Edition on x64
Microsoft Office 2019 Click-to-Run Edition on x86
Microsoft Office 2019 Mac OS Edition
+40 additional

CVSS:7.5 [Critical]
EPSS:42.12%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-0848, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-0848 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-0848

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales