CVE-2004-0901

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1990%

EPSS Percentile8.46th

PublishedJan 10, 2005

Last ModifiedApr 16, 2026

Vulnerability Description

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.

Affected Platforms (CPE)

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2003 Server

= enterprise

💻

Microsoft

Windows 2003 Server

= enterprise_64-bit

💻

Microsoft

Windows 2003 Server

= r2

💻

Microsoft

Windows 2003 Server

= r2

💻

Microsoft

Windows 2003 Server

= standard

💻

Microsoft

Windows 2003 Server

= web

💻

Microsoft

Windows 98

All versions

💻

Microsoft

Windows 98se

All versions

💻

Microsoft

Windows Me

All versions

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

References & Advisories

🔗 http://www.ciac.org/ciac/bulletins/p-055.shtml

🔗 http://www.idefense.com/application/poi/display?id=162&type=vulnerabilities&flashstatus=true

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18338

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1241

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1655

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3310

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3882

Vulnerability Description

Affected Platforms (CPE)

Windows 2000

Windows 2000

Windows 2000

Windows 2000

Windows 2000

Windows 2003 Server

Windows 2003 Server

Windows 2003 Server

Windows 2003 Server

Windows 2003 Server

Windows 2003 Server

Windows 98

Windows 98se

Windows Me

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Nt

Windows Xp

Windows Xp

Windows Xp

Windows Xp

Windows Xp

Windows Xp

References & Advisories

Related Vulnerabilities