CVE-2004-0571
published 2005-01-10CVE-2004-0571: Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri…
PriorityP347critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
30.72%
98.0th percentile
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_2003_server | — | — |
| microsoft | windows_nt | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jg5g-77rp-vp26: Microsoft Word for Windows 6
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0901 [CRITICAL] GHSA-jg5g-77rp-vp26: Microsoft Word for Windows 6
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
GHSA
GHSA-596g-qg9p-5mvj: Microsoft Word for Windows 6
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0571 [CRITICAL] GHSA-596g-qg9p-5mvj: Microsoft Word for Windows 6
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041https://exchange.xforce.ibmcloud.com/vulnerabilities/18337https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1168https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1417https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1959https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1976https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3416https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3743https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4328https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A685https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041https://exchange.xforce.ibmcloud.com/vulnerabilities/18337https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1168https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1417https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1959https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1976https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3416https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3743https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4328https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A685
2005-01-10
Published