MS05-035: Vulnerability in Word May Lead to Code Execution (903672)

high Nessus Plugin ID 18679


Arbitrary code can be executed on the remote host through Word.


The remote host is running a version of Microsoft Word that is subject to a flaw that could allow arbitrary code to be run.

An attacker may use this to execute arbitrary code on this host.

To succeed, the attacker would have to send a rogue Word file to a user of the remote computer and have him open it. Then a bug in the font parsing handler would result in code execution.


Microsoft has released a set of patches for Word 2000 and XP.

See Also

Plugin Details

Severity: High

ID: 18679

File Name: smb_nt_ms05-035.nasl

Version: 1.37

Type: local

Agent: windows

Published: 7/12/2005

Updated: 11/15/2018

Risk Information


Risk Factor: Medium

Score: 5.2


Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:works

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 7/12/2005

Vulnerability Publication Date: 7/12/2005

Reference Information

CVE: CVE-2005-0564

BID: 14216

MSFT: MS05-035

CERT: 218621

MSKB: 895333, 895589