Vulnerabilities > CVE-2005-0047 - Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
microsoft
nessus
exploit available

Summary

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

Exploit-Db

description: MS Windows COM Structured Storage Local Exploit (MS05-012). CVE-2005-0047. Local exploit for windows platform
id: EDB-ID:1019
last seen: 2016-01-31
modified: 2005-05-31
published: 2005-05-31
reporter: Cesar Cerrudo
source: https://www.exploit-db.com/download/1019/
title: Microsoft Windows - COM Structured Storage Local Exploit MS05-012

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS05-012.NASL
description: The remote host is running a version of Windows that is affected by two vulnerabilities when dealing with OLE and/or COM. These vulnerabilities could allow a local user to escalate his privileges and allow a remote user to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to send a specially crafted document to a victim on the remote host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16327
published: 2005-02-08
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16327
title: MS05-012: Vulnerability in OLE and COM Could Allow Code Execution (873333)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration. When the script is loaded with `description` set, only
# this block runs: it declares the plugin's identity, references, risk rating
# and prerequisites, then exits before any host check is performed.
if (description)
{
 script_id(16327);
 script_version("1.38");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # One plugin covers two CVEs. The check further down keys on a single file
 # version, so a finding does not say which of the two issues is at stake.
 script_cve_id("CVE-2005-0047", "CVE-2005-0044");
 script_bugtraq_id(12488, 12483);
 script_xref(name:"MSFT", value:"MS05-012");
 script_xref(name:"CERT", value:"597889");
 script_xref(name:"CERT", value:"927889");
 script_xref(name:"EDB-ID", value:"1019");
 script_xref(name:"MSKB", value:"873333");

 script_name(english:"MS05-012: Vulnerability in OLE and COM Could Allow Code Execution (873333)");
 # NOTE(review): the summary says "via the registry", but the detection logic
 # later in this script compares the Ole32.dll file version. The wording looks
 # stale; confirm and update.
 script_summary(english:"Checks for KB 873333 via the registry");

 script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host through Explorer.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Windows that is affected by two
vulnerabilities when dealing with OLE and/or COM.

These vulnerabilities could allow a local user to escalate his
privileges and allow a remote user to execute arbitrary code on the
remote host.

To exploit these flaws, an attacker would need to send a specially
crafted document to a victim on the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-012");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
  # A single CVSS v2 vector is registered for the whole plugin: network attack
  # vector, high complexity, no authentication, complete C/I/A impact.
  # NOTE(review): because two CVEs are bundled, this vector need not equal the
  # per-CVE score of either one (the description itself mentions both a local
  # privilege escalation and a remote code execution). Use per-CVE scoring
  # when triaging a single issue.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  # Temporal metrics: proof-of-concept exploit code, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

 # Disclosure, patch and plugin were all published on the same day.
 script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/08");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/08");

 # NOTE(review): "local" presumably describes how the check is performed
 # (against data read from the host itself), not the attack vector of the
 # vulnerability. Confirm against the scanner documentation.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 # Declared as an information-gathering check.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the two dependency scripts are declared to run first, and
 # the KB key below must be set. The port list also names a KB key used for
 # patch-management-based checks.
 script_dependencies("smb_hotfixes.nasl" , "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 # Registration only: stop here so the detection logic below is not executed.
 exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

# Detection logic for MS05-012 / KB 873333.
# Flow: confirm bulletin checks are possible, optionally consult
# patch-management data, confirm the OS and service pack are in scope, reach
# the system root share, then test the Ole32.dll version per OS.

# Stop early unless a previous plugin recorded that bulletin checks can run.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-012';
kb = '873333';
kbs = make_list(kb);

# When patch-management data is present, hand the bulletin/KB pair to the
# third-party hotfix check.
if (get_kb_item("Host/patch_management_checks"))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
}

# Both keys must already be in the knowledge base; a missing Windows version
# ends the script with exit code 1.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# In scope: Windows 2000 SP3/SP4, XP SP1/SP2, Server 2003 with no service pack.
sp_in_scope = hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0');
if (sp_in_scope <= 0)
{
  audit(AUDIT_OS_SP_NOT_VULN);
}

systemroot = hotfix_get_systemroot();
if (!systemroot)
{
  exit(1, "Failed to get the system root.");
}

# The file check needs the share that holds the system root. Without access
# the result is reported as an audit failure, not as "not affected".
sysroot_share = hotfix_path2share(path:systemroot);
if (!is_accessible_share(share:sysroot_share))
{
  audit(AUDIT_SHARE_FAIL, sysroot_share);
}

# One Ole32.dll version threshold per OS (5.2 = Server 2003, 5.1 = XP,
# 5.0 = Windows 2000). Presumably a file older than the listed version counts
# as unpatched; verify against the hotfix library.
# The Windows 2000 entry passes no sp: argument, so it is not tied to a
# specific service pack here. `||` is kept so evaluation still stops at the
# first match.
patch_missing = (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Ole32.dll", version:"5.2.3790.250", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Ole32.dll", version:"5.1.2600.1619", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Ole32.dll", version:"5.1.2600.2595", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Ole32.dll", version:"5.0.2195.7021", dir:"\system32", bulletin:bulletin, kb:kb)
);

if (!patch_missing)
{
  # Clean result: finish the file-version check, then report not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
else
{
  # Record the missing bulletin in the knowledge base, then raise the finding.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}

Oval

  • accepted: 2011-05-16T04:00:26.376-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Andrew Buttner
      organization: The MITRE Corporation
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:1159
    status: accepted
    submitted: 2005-02-15T12:00:00.000-04:00
    title: Windows 2000 COM Structured Storage Vulnerability
    version: 71
  • accepted: 2011-05-16T04:02:29.213-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Dragos Prisaca
      organization: Gideon Technologies, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:2351
    status: accepted
    submitted: 2005-02-15T12:00:00.000-04:00
    title: Windows XP,SP2 COM Structured Storage Vulnerability
    version: 70
  • accepted: 2011-05-16T04:02:38.881-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:2892
    status: accepted
    submitted: 2005-03-29T12:00:00.000-04:00
    title: Windows XP,SP1 COM Structured Storage Vulnerability
    version: 69
  • accepted: 2005-04-13T12:15:00.000-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Christine Walzer
      organization: The MITRE Corporation
    description: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:901
    status: accepted
    submitted: 2005-02-15T12:00:00.000-04:00
    title: Server 2003 COM Structured Storage Vulnerability
    version: 66

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:5342
last seen: 2017-11-19
modified: 2006-10-28
published: 2006-10-28
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-5342
title: MS Windows COM Structured Storage Local Exploit (MS05-012)