| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
A vulnerability has been found in Microsoft Word 2002 (Word Processing Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component DOC Document Handler. The manipulation with the input value 0xAA leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
The bug was discovered 10/06/2004. The weakness was disclosed 10/07/2004 with HexView as MS05-023 (Website). The advisory is shared at lists.netsys.com. This vulnerability is known as CVE-2004-0963 since 10/18/2004. The attack can only be initiated within the local network. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details and also a exploit are known.
It is possible to download the exploit at lists.netsys.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 18026 (MS05-023: Vulnerability in Word May Lead to Code Execution (890169)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 110031 (Microsoft Word Vulnerability Could Allow Remote Code Execution (MS05-023)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at microsoft.com. The problem might be mitigated by replacing the product with as an alternative. The best possible mitigation is suggested to be establishing an alternative product. A possible mitigation has been published 7 months after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3179.
The vulnerability is also documented in the databases at X-Force (17635) and Tenable (18026). Additional details are provided at securityfocus.com. The entry 24510 is pretty similar.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.7VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.7
VulDB Temp Score: 5.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Partially
Availability: 🔍
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 18026
Nessus Name: MS05-023: Vulnerability in Word May Lead to Code Execution (890169)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: AlternativeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: microsoft.com
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Timeline
10/06/2004 🔍10/06/2004 🔍
10/07/2004 🔍
10/07/2004 🔍
10/07/2004 🔍
10/07/2004 🔍
10/07/2004 🔍
10/08/2004 🔍
10/10/2004 🔍
10/18/2004 🔍
02/09/2005 🔍
04/12/2005 🔍
04/12/2005 🔍
06/29/2019 🔍
Sources
Vendor: microsoft.comAdvisory: MS05-023
Researcher: http://www.hexview.com
Organization: HexView
Status: Not defined
CVE: CVE-2004-0963 (🔍)
OVAL: 🔍
X-Force: 17635 - Microsoft Word improper file parsing buffer overflow, High Risk
SecurityTracker: 1011565
Vulnerability Center: 5524 - [MS05-023] DoS in Microsoft Word via Input Validation Error, High
SecurityFocus: 11350 - Microsoft Word Multiple Remote Denial Of Service Vulnerabilities
Secunia: 12758 - Microsoft Word Document Parsing Buffer Overflow Vulnerabilities, Highly Critical
OSVDB: 10549 - Microsoft Word .doc Parsing Exception Arbitrary Command Execution
Misc.: 🔍
See also: 🔍
Entry
Created: 10/07/2004 12:45Updated: 06/29/2019 15:28
Changes: 10/07/2004 12:45 (106), 06/29/2019 15:28 (2)
Complete: 🔍
Cache ID: 3:729:103
No comments yet. Languages: en.
Please log in to comment.