返回 CVE 瀏覽器

CVE-2004-0963

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0850%

EPSS Percentile31.20th

Published2005年2月9日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.

Affected Platforms (CPE)

📦

Microsoft

Word

= 2002

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=109716247230733&w=2

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-023

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17635

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1795

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2105

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2216

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A420

🔗 http://marc.info/?l=bugtraq&m=109716247230733&w=2

相關漏洞威脅

CVE-2004-057110.0

Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute...

CVE-2004-090110.0

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, whic...

CVE-2000-078810.0

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, ...

CVE-2004-125810.0

Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via craft...