Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0063

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0063
Last Modified 07 Mar 2011 09:19:29
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0063

Summary

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Xp


References

MS - MS05-016

IDEFENSE - 20050412 Microsoft MSHTA Script Execution Vulnerability

VUPEN - ADV-2005-0335

MISC - http://www.securiteam.com/exploits/5YP0T0AFFW.html

BID - 13132

BUGTRAQ - 20050529 Spam exploiting MS05-016


Last Updated: 27 May 2016 10:39:38