Executive Summary
Informations | |||
---|---|---|---|
Name | MS05-012 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1159 | |||
Oval ID: | oval:org.mitre.oval:def:1159 | ||
Title: | Windows 2000 COM Structured Storage Vulnerability | ||
Description: | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0047 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | COM Internet Services |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1180 | |||
Oval ID: | oval:org.mitre.oval:def:1180 | ||
Title: | OLE Component Input Validation Vulnerability (32-bit XP,SP2) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows Media Player 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2351 | |||
Oval ID: | oval:org.mitre.oval:def:2351 | ||
Title: | Windows XP,SP2 COM Structured Storage Vulnerability | ||
Description: | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0047 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | COM Internet Services |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2892 | |||
Oval ID: | oval:org.mitre.oval:def:2892 | ||
Title: | Windows XP,SP1 COM Structured Storage Vulnerability | ||
Description: | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0047 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | COM Internet Services |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2917 | |||
Oval ID: | oval:org.mitre.oval:def:2917 | ||
Title: | OLE Component Input Validation Vulnerability (Windows 2000) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows Media Player 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3568 | |||
Oval ID: | oval:org.mitre.oval:def:3568 | ||
Title: | OLE Component Input Validation Vulnerability (Server / XP 2003) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | OLE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4499 | |||
Oval ID: | oval:org.mitre.oval:def:4499 | ||
Title: | OLE Component Input Validation Vulnerability (Windows XP) | ||
Description: | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0044 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | unknown |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:901 | |||
Oval ID: | oval:org.mitre.oval:def:901 | ||
Title: | Server 2003 COM Structured Storage Vulnerability | ||
Description: | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-0047 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | COM Internet Services |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2005-05-31 | MS Windows COM Structured Storage Local Exploit (MS05-012) |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-16 | Name : Microsoft RPC Interface Buffer Overrun (KB824146) File : nvt/msrpc_dcom2.nasl |
2005-11-03 | Name : Microsoft RPC Interface Buffer Overrun (823980) File : nvt/msrpc_dcom.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13602 | Microsoft Windows OLE Input Validation Overflow A remote overflow exists in Windows. The OLE component fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
13601 | Microsoft Windows COM Structured Storage Privilege Escalation Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered improper access to shared memory by COM when working with structured storage. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-02-08 | Name : Arbitrary code can be executed on the remote host through Explorer. File : smb_nt_ms05-012.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:08 |
|