CVE-2005-0063

high

Description

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A587

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A573

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4710

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A407

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3456

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2184

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-016

http://www.vupen.com/english/advisories/2005/0335

http://www.securityfocus.com/bid/13132

http://www.securiteam.com/exploits/5YP0T0AFFW.html

http://www.idefense.com/application/poi/display?id=231&type=vulnerabilities

http://marc.info/?l=bugtraq&m=111755356016155&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High