Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2005-0044 | First vendor Publication | 2005-05-02 |
Vendor | Cve | Last vendor Modification | 2019-04-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0044 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1180 | |||
Oval ID: | oval:org.mitre.oval:def:1180 | ||
Title: | OLE Component Input Validation Vulnerability (32-bit XP,SP2) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows Media Player 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2917 | |||
Oval ID: | oval:org.mitre.oval:def:2917 | ||
Title: | OLE Component Input Validation Vulnerability (Windows 2000) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows Media Player 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3568 | |||
Oval ID: | oval:org.mitre.oval:def:3568 | ||
Title: | OLE Component Input Validation Vulnerability (Server / XP 2003) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | OLE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4499 | |||
Oval ID: | oval:org.mitre.oval:def:4499 | ||
Title: | OLE Component Input Validation Vulnerability (Windows XP) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | unknown |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2005-05-31 | MS Windows COM Structured Storage Local Exploit (MS05-012) |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-16 | Name : Microsoft RPC Interface Buffer Overrun (KB824146) File : nvt/msrpc_dcom2.nasl |
2005-11-03 | Name : Microsoft RPC Interface Buffer Overrun (823980) File : nvt/msrpc_dcom.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13602 | Microsoft Windows OLE Input Validation Overflow A remote overflow exists in Windows. The OLE component fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-02-08 | Name : Arbitrary code can be executed on the remote host through Explorer. File : smb_nt_ms05-012.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:02:50 |
|
2024-02-01 12:01:38 |
|
2023-09-05 12:02:42 |
|
2023-09-05 01:01:29 |
|
2023-09-02 12:02:43 |
|
2023-09-02 01:01:29 |
|
2023-08-12 12:03:16 |
|
2023-08-12 01:01:30 |
|
2023-08-11 12:02:49 |
|
2023-08-11 01:01:31 |
|
2023-08-06 12:02:37 |
|
2023-08-06 01:01:30 |
|
2023-08-04 12:02:41 |
|
2023-08-04 01:01:31 |
|
2023-07-14 12:02:40 |
|
2023-07-14 01:01:31 |
|
2023-03-29 01:02:44 |
|
2023-03-28 12:01:36 |
|
2022-10-11 12:02:23 |
|
2022-10-11 01:01:23 |
|
2021-05-04 12:02:43 |
|
2021-04-22 01:02:55 |
|
2020-05-23 00:16:16 |
|
2019-04-30 21:19:18 |
|
2018-10-13 00:22:30 |
|
2017-10-11 09:23:26 |
|
2017-07-11 12:01:47 |
|
2016-04-26 13:13:35 |
|
2014-02-17 10:29:39 |
|
2013-05-11 11:19:34 |
|