CVE-2004-0901 - Unmelted Bushels

Description

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC) as used in WordPad does not properly validate certain data lengths which allows remote attackers to execute arbitrary code via a .wri .rtf and .doc file sent by email or malicious web site aka \Font Conversion Vulnerability\ a different vulnerability than CVE-2004-0571.

Reference

http://www.ciac.org/ciac/bulletins/p-055.shtml http://www.idefense.com/application/poi/display?id=162&type=vulnerabilities&flashstatus=true https://exchange.xforce.ibmcloud.com/vulnerabilities/18338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A539 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4749 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4576 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3310 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1655 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1241 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041