Remote Code Execution in Office XP

Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED


  • Office XP

  • Word 2002

  • PowerPoint 2002

  • Project 2002

  • Visio 2002

  • Works Suite 2002, 2003, and 2004



DESCRIPTION

An unchecked buffer exists in the process that passes URL file locations to the affected software. The vulnerability could allow a remote intruder to execute code on an affected system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-005, "Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) ," and a patch to correct the problem. The bulletin also lists workarounds that may be applicable in some situations.

CREDIT
Discovered by Rafel Ivgi from Finjan Software

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish