Vulnerabilities > CVE-2005-0044 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
Vulnerable Configurations
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-012.NASL |
description | The remote host is running a version of Windows that is affected by two vulnerabilities when dealing with OLE and/or COM. These vulnerabilities could allow a local user to escalate his privileges and allow a remote user to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a specially crafted document to a victim on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16327 |
published | 2005-02-08 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16327 |
title | MS05-012: Vulnerability in OLE and COM Could Allow Code Execution (873333) |
code |
|
Oval
accepted 2011-05-16T04:00:28.361-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." family windows id oval:org.mitre.oval:def:1180 status accepted submitted 2005-02-15T12:00:00.000-04:00 title OLE Component Input Validation Vulnerability (32-bit XP,SP2) version 70 accepted 2011-05-16T04:02:39.740-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." family windows id oval:org.mitre.oval:def:2917 status accepted submitted 2005-02-15T12:00:00.000-04:00 title OLE Component Input Validation Vulnerability (Windows 2000) version 71 accepted 2005-03-29T07:59:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." family windows id oval:org.mitre.oval:def:3568 status accepted submitted 2005-02-15T12:00:00.000-04:00 title OLE Component Input Validation Vulnerability (Server / XP 2003) version 66 accepted 2011-05-16T04:03:00.288-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." family windows id oval:org.mitre.oval:def:4499 status accepted submitted 2005-03-29T12:00:00.000-04:00 title OLE Component Input Validation Vulnerability (Windows XP) version 69
References
- http://www.kb.cert.org/vuls/id/927889
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3568
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4499