Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) %00 (null byte) in .doc filenames or (2) %0a (carriage return) in .rtf filenames.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Office | Microsoft | * | * |
| Office | Microsoft | xp-sp1 (including) | xp-sp1 (including) |
| Office | Microsoft | xp-sp2 (including) | xp-sp2 (including) |
| Office | Microsoft | xp-sp3 (including) | xp-sp3 (including) |
| Powerpoint | Microsoft | 2002 (including) | 2002 (including) |
| Powerpoint | Microsoft | 2002-sp1 (including) | 2002-sp1 (including) |
| Powerpoint | Microsoft | 2002-sp2 (including) | 2002-sp2 (including) |
| Powerpoint | Microsoft | 2002-sp3 (including) | 2002-sp3 (including) |
| Project | Microsoft | 2002 (including) | 2002 (including) |
| Project | Microsoft | 2002-sp1 (including) | 2002-sp1 (including) |
| Visio | Microsoft | 2002 (including) | 2002 (including) |
| Visio | Microsoft | 2002-sp1 (including) | 2002-sp1 (including) |
| Visio | Microsoft | 2002-sp2 (including) | 2002-sp2 (including) |
| Word | Microsoft | 2002 (including) | 2002 (including) |
| Word | Microsoft | 2002-sp1 (including) | 2002-sp1 (including) |
| Word | Microsoft | 2002-sp2 (including) | 2002-sp2 (including) |
| Word | Microsoft | 2002-sp3 (including) | 2002-sp3 (including) |
| Works | Microsoft | 2002 (including) | 2002 (including) |
| Works | Microsoft | 2003 (including) | 2003 (including) |
| Works | Microsoft | 2004 (including) | 2004 (including) |