Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1208

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-1208
Last Modified 10 Sep 2008 03:38:16
Published 14 Jun 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1208

Summary

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Datacenter 64-bit

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Standard 64-bit

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows Xp


References

CERT - TA05-165A

CERT-VN - VU#851869

MS - MS05-026

SECUNIA - 15683

VULNWATCH - 20050614 eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow

BID - 13953


Last Updated: 27 May 2016 10:40:05