CVE-2005-0047

critical

Description

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A901

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2892

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2351

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1159

https://exchange.xforce.ibmcloud.com/vulnerabilities/19105

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

http://www.kb.cert.org/vuls/id/597889

http://www.argeniss.com/research/SSExploit.c

http://marc.info/?l=bugtraq&m=111755870828817&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics