Vulnerabilities > CVE-2004-0897 - Buffer Overflow vulnerability in Microsoft Windows 2003 Server and Windows XP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-003.NASL |
description | The remote host contains a version of the Indexing Service that may allow an attacker to execute arbitrary code on the remote host by constructing a malicious query. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16125 |
published | 2005-01-11 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16125 |
title | MS05-003: Indexing Service Code Execution (871250) |
code |
|
Oval
accepted 2005-05-04T12:33:00.000-04:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation description The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. family windows id oval:org.mitre.oval:def:2128 status accepted submitted 2005-03-23T12:00:00.000-04:00 title Windows 2003/64-bit XP Indexing Service Code Execution Vulnerability version 65 accepted 2011-05-16T04:02:30.010-04:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Sudhir Gandhe organization Secure Elements, Inc. name Shane Shaffer organization G2, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870
description The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. family windows id oval:org.mitre.oval:def:2447 status accepted submitted 2005-03-23T12:00:00.000-04:00 title Windows XP Indexing Service Code Execution Vulnerability version 76
References
- http://secunia.com/advisories/13802
- http://securitytracker.com/id?1012833
- http://www.ciac.org/ciac/bulletins/p-095.shtml
- http://www.kb.cert.org/vuls/id/657118
- http://www.securityfocus.com/bid/12228
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2128
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2447