Lucene search

[email protected]CVE-2005-1208

HistoryJun 14, 2005 - 4:00 a.m.

CVE-2005-1208

2005-06-1404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1208

microsoft windows

integer overflow

remote attackers

arbitrary code execution

chm file

buffer overflow

internet explorer

nvd

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.454 Medium

EPSS

Percentile

97.4%

JSON

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a “ms-its:” URL in Internet Explorer.

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq64-bit
microsoft:windows_2003_servermicrosoft windows 2003 servereqweb
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise
microsoft:windows_2003_servermicrosoft windows 2003 servereqenterprise_64-bit
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqstandard_64-bit
microsoft:windows_2003_servermicrosoft windows 2003 servereqdatacenter_64-bit
microsoft:windows_2003_servermicrosoft windows 2003 servereqstandard
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	64-bit
microsoft:windows_2003_server	microsoft windows 2003 server	eq	web
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise
microsoft:windows_2003_server	microsoft windows 2003 server	eq	enterprise_64-bit
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	standard_64-bit
microsoft:windows_2003_server	microsoft windows 2003 server	eq	datacenter_64-bit
microsoft:windows_2003_server	microsoft windows 2003 server	eq	standard
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2

Rows per page:

1-10 of 111

References

archives.neohapsis.com/archives/vulnwatch/2005-q2/0062.html

secunia.com/advisories/15683

www.kb.cert.org/vuls/id/851869

www.securityfocus.com/bid/13953

www.us-cert.gov/cas/techalerts/TA05-165A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-026

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1057

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A381

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A463

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.454 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2005-1208

securityvulns1 cert1 nessus1