Lucene search

[email protected]CVE-2005-2935

HistorySep 15, 2005 - 9:03 p.m.

CVE-2005-2935

2005-09-1521:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2935

microsoft antispyware

vulnerability

local execution

gsasdtserv.exe

code execution

6.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.1%

JSON

Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940.

CPENameOperatorVersion
microsoft:antispywaremicrosoft antispywareeq*

CPE	Name	Operator	Version
microsoft:antispyware	microsoft antispyware	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html

lists.grok.org.uk/pipermail/full-disclosure/2005-May/033910.html

6.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for CVE-2005-2935

cve1 securityvulns1