| VID |
26113 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix(KB873352) for the 'Vulnerability in Microsoft Office XP' has not been applied. Microsoft Office XP, Microsoft Project 2002, Microsoft Visio 2002, and Microsoft Works Suite 2002, 2003, and 2004 are vulnerable to a buffer overflow vulnerability that could allow remote code execution on an affected system. The problem exists in the process that passes URL file locations to the Office XP software. A remote attacker could exploit this vulnerability by persuading a user to open a malicious file hosted in a Web site or click on a link in an HTML email message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx
* Platforms Affected:
Microsoft PowerPoint 2002
Microsoft Project 2002
Microsoft Visio 2002
Microsoft Word 2002
Microsoft Works Suite 2002 Any version
Microsoft Works Suite 2003 Any version
Microsoft Works Suite 2004 Any version
Microsoft Office XP SP2
Microsoft Office XP SP3 |
| Recommendation |
Apply the appropriate patch (KB873352) for your system, as listed in Microsoft Security Bulletin MS05-005 at http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2004-0847 (CVE) |
| Related URL |
11342 (SecurityFocus) |
| Related URL |
17644,18769 (ISS) |
|
