Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS05-022 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | 2009-01-21 |
| Severity (Vendor) | Critical | Revision | 2.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V2.0 (January 21, 2009): Bulletin updated. Replaced the download link for MSN Messenger 6.2 with the bulletin link to MS07-054. Users may either use the specific download link in MS07-054 to upgrade, or log on to MSN Messenger service to accept the required upgrade.Summary: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the ?Vulnerability Details? section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS05-022.mspx |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:4927 | |||
| Oval ID: | oval:org.mitre.oval:def:4927 | ||
| Title: | MSN Messenger GIF Size Buffer Overflow | ||
| Description: | GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0562 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | MSN Messenger |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 15468 | MSN Messenger Malformed GIF Code Execution A remote code execution flaw exists in MSN Messenger. The program fails to validate GIF image height and width information. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-04-12 | Name : Arbitrary code can be executed on the remote host through Messenger service. File : smb_nt_ms05-022.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:10 |
|
| 2013-05-11 12:21:42 |
|
