CVE-2004-0645

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.

Desbordamiento de búfer en la función wvHandleDateTimePicture en la librería wv (wvWare) 0.7.4 a 0.7.6 y 1.0.0 permite a atacantes remotos ejecutar código de su elección mediante un documento con un campo DateTime largo.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-07-08 CVE Reserved
2004-07-13 CVE Published
2023-06-20 EPSS Updated
2024-08-08 CVE Updated
2024-08-08 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (10)

URL	Tag	Source
http://cpan.cybercomm.nl/pub/gentoo-portage/app-text/wv/files/wv-1.0.0-fix_overflow.patch	X_refsource_confirm
http://www.freebsd.org/ports/portaudit/7a5430df-d562-11d8-b479-02e0185c0b53.html	X_refsource_confirm
http://www.osvdb.org/7761	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16660	Vdb Entry

URL	Date	SRC
http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities	2024-08-08

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200407-11.xml	2017-07-11

URL	Date	SRC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000863	2017-07-11
http://www.debian.org/security/2004/dsa-579	2017-07-11
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:077	2017-07-11
https://bugzilla.fedora.us/show_bug.cgi?id=1906	2017-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Abisource Search vendor "Abisource"		Community Abiword Search vendor "Abisource" for product "Community Abiword"				2.0.3 Search vendor "Abisource" for product "Community Abiword" and version "2.0.3"		-		Affected
Abisource Search vendor "Abisource"		Community Abiword Search vendor "Abisource" for product "Community Abiword"				2.0.4 Search vendor "Abisource" for product "Community Abiword" and version "2.0.4"		-		Affected
Abisource Search vendor "Abisource"		Community Abiword Search vendor "Abisource" for product "Community Abiword"				2.0.5 Search vendor "Abisource" for product "Community Abiword" and version "2.0.5"		-		Affected
Abisource Search vendor "Abisource"		Community Abiword Search vendor "Abisource" for product "Community Abiword"				2.0.6 Search vendor "Abisource" for product "Community Abiword" and version "2.0.6"		-		Affected
Abisource Search vendor "Abisource"		Community Abiword Search vendor "Abisource" for product "Community Abiword"				2.0.7 Search vendor "Abisource" for product "Community Abiword" and version "2.0.7"		-		Affected
Wvware Search vendor "Wvware"		Wvware Search vendor "Wvware" for product "Wvware"				0.7.4 Search vendor "Wvware" for product "Wvware" and version "0.7.4"		-		Affected
Wvware Search vendor "Wvware"		Wvware Search vendor "Wvware" for product "Wvware"				0.7.5 Search vendor "Wvware" for product "Wvware" and version "0.7.5"		-		Affected
Wvware Search vendor "Wvware"		Wvware Search vendor "Wvware" for product "Wvware"				0.7.6 Search vendor "Wvware" for product "Wvware" and version "0.7.6"		-		Affected
Wvware Search vendor "Wvware"		Wvware Search vendor "Wvware" for product "Wvware"				1.0 Search vendor "Wvware" for product "Wvware" and version "1.0"		-		Affected