Vulnerabilities > CVE-2005-0047 - Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

nessus

exploit available

NVD

Published: 2005-05-02

Updated: 2019-04-30

Summary

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows XP * Microsoft Windows 2003 Server Web Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server Enterprise_64-Bit Microsoft Windows 2003 Server R2 Microsoft Windows 2003 Server Standard Microsoft Windows 2000 *	21

Exploit-Db

description	MS Windows COM Structured Storage Local Exploit (MS05-012). CVE-2005-0047. Local exploit for windows platform
id	EDB-ID:1019
last seen	2016-01-31
modified	2005-05-31
published	2005-05-31
reporter	Cesar Cerrudo
source	https://www.exploit-db.com/download/1019/
title	Microsoft Windows - COM Structured Storage Local Exploit MS05-012

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS05-012.NASL
description	The remote host is running a version of Windows that is affected by two vulnerabilities when dealing with OLE and/or COM. These vulnerabilities could allow a local user to escalate his privileges and allow a remote user to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a specially crafted document to a victim on the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	16327
published	2005-02-08
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16327
title	MS05-012: Vulnerability in OLE and COM Could Allow Code Execution (873333)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(16327); script_version("1.38"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2005-0047", "CVE-2005-0044"); script_bugtraq_id(12488, 12483); script_xref(name:"MSFT", value:"MS05-012"); script_xref(name:"CERT", value:"597889"); script_xref(name:"CERT", value:"927889"); script_xref(name:"EDB-ID", value:"1019"); script_xref(name:"MSKB", value:"873333"); script_name(english:"MS05-012: Vulnerability in OLE and COM Could Allow Code Execution (873333)"); script_summary(english:"Checks for KB 873333 via the registry"); script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host through Explorer."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Windows that is affected by two vulnerabilities when dealing with OLE and/or COM. These vulnerabilities could allow a local user to escalate his privileges and allow a remote user to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a specially crafted document to a victim on the remote host."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-012"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl" , "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS05-012'; kb = '873333'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Ole32.dll", version:"5.2.3790.250", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:1, file:"Ole32.dll", version:"5.1.2600.1619", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Ole32.dll", version:"5.1.2600.2595", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Ole32.dll", version:"5.0.2195.7021", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2011-05-16T04:00:26.376-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Andrew Buttner
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:1159

status

accepted

submitted

2005-02-15T12:00:00.000-04:00

title

Windows 2000 COM Structured Storage Vulnerability

version

accepted

2011-05-16T04:02:29.213-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:2351

status

accepted

submitted

2005-02-15T12:00:00.000-04:00

title

Windows XP,SP2 COM Structured Storage Vulnerability

version

accepted

2011-05-16T04:02:38.881-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:2892

status

accepted

submitted

2005-03-29T12:00:00.000-04:00

title

Windows XP,SP1 COM Structured Storage Vulnerability

version

accepted

2005-04-13T12:15:00.000-04:00

class

vulnerability

contributors

name Christine Walzer
organization The MITRE Corporation
name Christine Walzer
organization The MITRE Corporation

description

family

windows

oval:org.mitre.oval:def:901

status

accepted

submitted

2005-02-15T12:00:00.000-04:00

title

Server 2003 COM Structured Storage Vulnerability

version

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:5342
last seen	2017-11-19
modified	2006-10-28
published	2006-10-28
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-5342
title	MS Windows COM Structured Storage Local Exploit (MS05-012)

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

Seebug

References