CVE-2004-0901 — Microsoft Windows 2003 Server vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

36.2%

top 2.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedJan 10

Latest updateApr 29

Description

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/windows_2003_server5 versions+4

🔴Vulnerability Details

GHSA

GHSA-jg5g-77rp-vp26: Microsoft Word for Windows 6↗2022-04-29

▶

CVEList

CVE-2004-0901: Microsoft Word for Windows 6↗2004-12-15

▶