Lucene search

SAINT CorporationSAINT:F0CCBA79891EC69AFBE14E3B1AC55891

HistoryJun 12, 2007 - 12:00 a.m.

Windows Telephony API buffer overflow

2007-06-1200:00:00

SAINT Corporation

download.saintcorporation.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

91.4%

JSON

Added: 06/12/2007
CVE: CVE-2005-0058
BID: 14518
OSVDB: 18606

Background

The Windows Telephony API (TAPI) provides telecommunications support for Windows applications.

Problem

A buffer overflow in the Windows Telephony API allows local attackers to execute commands with administrative privileges.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-040.

References

<http://www.microsoft.com/technet/security/bulletin/ms05-040.mspx>

Limitations

The Telephony service must be running on the target in order for this exploit to succeed.

Platforms

Windows 2000

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

91.4%

JSON

Related for SAINT:F0CCBA79891EC69AFBE14E3B1AC55891