CVE-2004-0645

Name of the Vulnerable Software and Affected Versions wv library (wvWare) versions 0.7.4 through 0.7.6 wv library (wvWare) version 1.0.0

Description The issue involves multiple vulnerabilities in the wv library, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific buffer overflow vulnerability exists in the wvHandleDateTimePicture function, allowing remote attackers to execute arbitrary code via a document with a long DateTime field.

Recommendations For wv library (wvWare) versions 0.7.4 through 0.7.6, consider disabling the wvHandleDateTimePicture function until a patch is available. For wv library (wvWare) version 1.0.0, consider disabling the wvHandleDateTimePicture function until a patch is available. As a temporary workaround, restrict access to documents with long DateTime fields to minimize the risk of exploitation.