MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)

High Nessus Plugin ID 16332


Arbitrary code can be executed on the remote host through the Office client.


The remote host is running a version of Microsoft Office that could allow an attacker to execute arbitrary code on the remote host.

To exploit this flaw, an attacker would need to send a specially crafted file to a user on the remote host and wait for him to open it using Microsoft Office.

When opening the malformed file, Microsoft Office will encounter a buffer overflow which may be exploited to execute arbitrary code.


Microsoft has released a patch for Office XP.

See Also

Plugin Details

Severity: High

ID: 16332

File Name: smb_nt_ms05-005.nasl

Version: $Revision: 1.36 $

Type: local

Agent: windows

Published: 2005/02/09

Modified: 2017/08/09

Dependencies: 57033, 13855

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:project, cpe:/a:microsoft:visio, cpe:/a:microsoft:works

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2005/02/08

Vulnerability Publication Date: 2005/02/08

Reference Information

CVE: CVE-2004-0848

BID: 12480

OSVDB: 13594

MSFT: MS05-005

CERT: 416001

MSKB: 873352, 873354, 873355