7.5 - MS05-048

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	MS05-048	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1130

Oval ID:	oval:org.mitre.oval:def:1130
Title:	Buffer Overflow in CDOSYS Message Processing (Server 2003)
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	6
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND cdosys.dll is less than 6.5.6749.0

Definition Id: oval:org.mitre.oval:def:1201

Oval ID:	oval:org.mitre.oval:def:1201
Title:	Buffer Overflow in CDOEX Message Processing
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	7
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Microsoft Exchange 2000 Installed AND cdoex.dll is less than 6.0.6617.86

Definition Id: oval:org.mitre.oval:def:1406

Oval ID:	oval:org.mitre.oval:def:1406
Title:	Buffer Overflow in CDOSYS Message Processing (WinXP,SP1)
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP 32-bit edition is installed Windows XP is installed AND 32-Bit version of Windows is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND cdosys.dll is less than 6.1.1002.0

Definition Id: oval:org.mitre.oval:def:1420

Oval ID:	oval:org.mitre.oval:def:1420
Title:	Buffer Overflow in CDOSYS Message Processing (Win2K,SP4)
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Windows 2000 is installed AND Win2K/XP/2003 service pack 4 is installed AND cdosys.dll is less than 6.1.3940.42

Definition Id: oval:org.mitre.oval:def:1515

Oval ID:	oval:org.mitre.oval:def:1515
Title:	Buffer Overflow in CDOSYS Message Processing (WinXP,SP2)
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	6
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP 32-bit edition is installed Windows XP is installed AND 32-Bit version of Windows is installed AND Windows XP 32 bit Service Pack 2 Win2K/XP/2003/Vista/2008 service pack 2 is installed AND Windows XP 32-bit edition is installed Windows XP is installed AND 32-Bit version of Windows is installed AND cdosys.dll is less than 6.2.4.0

Definition Id: oval:org.mitre.oval:def:581

Oval ID:	oval:org.mitre.oval:def:581
Title:	Buffer Overflow in CDOSYS Message Processing (Server 2003,SP1)
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND cdosys.dll is less than 6.5.6756.0

Definition Id: oval:org.mitre.oval:def:848

Oval ID:	oval:org.mitre.oval:def:848
Title:	Buffer Overflow in CDOSYS Message Processing (64-bit WinXP,SP1)
Description:	Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1987	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP 64-bit Windows XP is installed AND a version of Windows for the ia64 architecture is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND cdosys.dll is less than 6.5.6756.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Exchange Server cpe:2.3:a:microsoft:exchange_server:2000:sp3::::::	1
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000:-:sp4::fr::::*	1
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003:sp1:::::::* cpe:2.3:o:microsoft:windows_server_2003:sp1::::::itanium: cpe:2.3:o:microsoft:windows_server_2003:r2:-:::-::-: cpe:2.3:o:microsoft:windows_server_2003:-::::::x64: cpe:2.3:o:microsoft:windows_server_2003:-::::::itanium:	5
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp:-::::::x64: cpe:2.3:o:microsoft:windows_xp:-:sp1:::tablet_pc:::* cpe:2.3:o:microsoft:windows_xp:-:sp2:::tablet_pc:::*	3

Open Source Vulnerability Database (OSVDB)

Id	Description
19905	Microsoft Collaboration Data Objects Remote Overflow A remote overflow exists in Microsoft Collaboration Data Objects (CDO). The component fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted email message containing an overly long header line, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft collaboration data objects buffer overflow attempt RuleID : 17737 - Revision : 8 - Type : SERVER-MAIL
2014-01-10	Microsoft Windows Exchange CDO long header name RuleID : 12423 - Revision : 7 - Type : SERVER-MAIL

Nessus® Vulnerability Scanner

Date	Description
2005-10-11	Name : A flaw in the Microsoft Collaboration Data Object could allow an attacker to ... File : smb_nt_ms05-048.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:45:16	Multiple Updates
2014-01-19 21:29:56	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
CPE ID(s)	10
osvdb(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	1

	Related
7.5	CVE-2005-1987
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)