Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0047

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-0047
Last Modified 10 Sep 2008 03:34:49
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0047

Summary

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Xp


References

CERT - TA05-039A

CERT-VN - VU#597889

MS - MS05-012

XF - win-com-gain-privileges(19105)

MISC - http://www.argeniss.com/research/SSExploit.c

BUGTRAQ - 20050530 [Argeniss] MS05-012 Exploit


Last Updated: 27 May 2016 10:39:38