Lucene search

[email protected]CVE-2005-2572

HistoryAug 16, 2005 - 4:00 a.m.

CVE-2005-2572

2005-08-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mysql

windows

remote authenticated users

denial of service

arbitrary code

nvd

cve-2005-2572

7.5 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.8%

JSON

MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.

CPENameOperatorVersion
oracle:mysqloracle mysqleq5.0.33

CPE	Name	Operator	Version
oracle:mysql	oracle mysql	eq	5.0.33

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

marc.info/?l=bugtraq&m=112360818900941&w=2

secunia.com/advisories/54788

www.appsecinc.com/resources/alerts/mysql/2005-003.html

www.securityfocus.com/bid/62358

www.securitytracker.com/id/1029010

exchange.xforce.ibmcloud.com/vulnerabilities/21756

7.5 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2005-2572

nessus1 ubuntucve1 securityvulns4