CVE-2005-0047

Properties

Published:
01.05.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N) Approximated
Product:
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows XP
Microsoft: Windows 2000
Microsoft: Windows 2000
Microsoft: Windows 2000
Microsoft: Windows 2000
Microsoft: Windows 2000

Vulnerability description

Windows 2000, XP, and Server 2003 does not properly"validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the"COM Structured Storage Vulnerability."

References:

MS: http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx
CERT: http://www.us-cert.gov/cas/techalerts/TA05-039A.html
CERT-VN: http://www.kb.cert.org/vuls/id/597889
OVAL: http://oval.mitre.org/oval/definitions/data/oval1159.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval2351.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval2892.html
OVAL: http://oval.mitre.org/oval/definitions/data/oval901.html
XF: http://xforce.iss.net/xforce/xfdb/19105
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111755870828817&w=2
MISC: http://www.argeniss.com/research/SSExploit.c