VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 8, 2005· Updated Apr 16, 2026

CVE-2004-0848

CVE-2004-0848

Description

Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.

Affected products

22
  • Microsoft/Word4 versions
    cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
  • Microsoft/Works3 versions
    cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
  • Microsoft/Office4 versions
    cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • Microsoft/Powerpoint4 versions
    cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*
  • Microsoft/Project2 versions
    cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
  • Microsoft/Visio5 versions
    cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:microsoft:visio:2002:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visio:2002:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visio:2002:sp2:professional:*:*:*:*:*
    • cpe:2.3:a:microsoft:visio:2002:sp2:standard:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.