CVE-2004-0573

Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/449438	US Government Resource
http://securitytracker.com/id?1011249
http://securitytracker.com/id?1011250
http://securitytracker.com/id?1011251
http://securitytracker.com/id?1011252
http://secunia.com/advisories/12529
http://marc.info/?l=bugtraq&m=109519646030906&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:frontpage:2003:::::::*
	cpe:2.3:a:microsoft:office:2000:::::::*
	cpe:2.3:a:microsoft:word:2002:::::::*
	cpe:2.3:a:microsoft:word:2003:::::::*
	cpe:2.3:a:microsoft:frontpage:2000:::::::*
	cpe:2.3:a:microsoft:frontpage:2002:::::::*
	cpe:2.3:a:microsoft:publisher:2003:::::::*
	cpe:2.3:a:microsoft:word:2000:::::::*
	cpe:2.3:a:microsoft:publisher:2000:::::::*
	cpe:2.3:a:microsoft:publisher:2002:::::::*
	cpe:2.3:a:microsoft:works:2003:::::::*
	cpe:2.3:a:microsoft:works:2001:::::::*
	cpe:2.3:a:microsoft:works:2002:::::::*
	cpe:2.3:a:microsoft:office:2003:::::::*
	cpe:2.3:a:microsoft:works:2004:::::::*
	cpe:2.3:a:microsoft:office:xp:::::::*

Information

Published : 2004-09-27 21:00

Updated : 2018-10-30 09:25

NVD link : CVE-2004-0573

Mitre link : CVE-2004-0573

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

publisher
works
frontpage
office
word

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/449438", "name": "VU#449438", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://securitytracker.com/id?1011249", "name": "1011249", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1011250", "name": "1011250", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1011251", "name": "1011251", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1011252", "name": "1011252", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/12529", "name": "12529", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=109519646030906&w=2", "name": "20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17306", "name": "wordperfect-converter-message-bo(17306)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021", "name": "oval:org.mitre.oval:def:5021", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4005", "name": "oval:org.mitre.oval:def:4005", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3333", "name": "oval:org.mitre.oval:def:3333", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3311", "name": "oval:org.mitre.oval:def:3311", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2670", "name": "oval:org.mitre.oval:def:2670", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-027", "name": "MS04-027", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0573", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-09-28T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:frontpage:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:publisher:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

7.5 /10