Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1987

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1987
Last Modified 10 Sep 2008 03:40:47
Published 13 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1987

Summary

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp

Application

  • Microsoft Exchange Server 2000


References

CERT - TA05-284A

CERT-VN - VU#883460

MS - MS05-048

MSKB - Q907245

BUGTRAQ - 20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability

XF - win-cdo-bo(22495)

BID - 15067

OSVDB - 19905

SECTRACK - 1015039

SECTRACK - 1015038

SECUNIA - 17167


Last Updated: 27 May 2016 10:40:22