7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.753 High
EPSS
Percentile
98.1%
Microsoft COM+ contains a vulnerability due to a memory management flaw that may allow an attacker to take complete control of an affected system.
Microsoft gives the following definition of COM+:
_COM+ is the next step in the evolution of the Microsoft Component Object Model and Microsoft Transaction Server (MTS). COM+ handles resource management tasks, such as thread allocation and security. It automatically makes applications more scalable by providing thread pooling, object pooling, and just-in-time object activation. COM+ also helps protect the integrity of data by providing transaction support even if a transaction spans multiple databases over a network. For information about COM+, visit the following Microsoft Web site. _Microsoft COM+ contains a flaw in the process used to create and utilize memory that may allow an attacker to take complete control of a system. The attacker may be able to execute arbitrary code on the system and take control of it by sending a specially-crafted network packet to the system.
A remote, unauthenticated attacker may be able to execute arbitrary code and take complete control of an affected system.
Apply an update
Please see Microsoft Security Bulletin MS05-051 for more information.
950516
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 11, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft Security Bulletin MS05-051 for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23950516 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Microsoft reported this vulnerability, and in turn thank Cesar Cerrudo of Argeniss for information on the issue.
This document was written by Ken MacInnis.
CVE IDs: | CVE-2005-1978 |
---|---|
Severity Metric: | 28.10 Date Public: |