CVE-2005-0048 - Unspecified vulnerability in Microsoft Windows 2000 and Windows XP
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 15 |
Exploit-Db
- description: MS Windows Malformed IP Options DoS Exploit (MS05-019). CVE-2004-0230,CVE-2004-0790,CVE-2004-1060,CVE-2005-0048,CVE-2005-0688. Dos exploit for windows platform
- id: EDB-ID:942
- last seen: 2016-01-31
- modified: 2005-04-17
- published: 2005-04-17
- reporter: Yuri Gushin
- source: https://www.exploit-db.com/download/942/
- title: Microsoft Windows - Malformed IP Options DoS Exploit MS05-019

- description: Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1). CVE-2005-0048. Dos exploit for windows platform
- id: EDB-ID:25383
- last seen: 2016-02-03
- modified: 2005-04-12
- published: 2005-04-12
- reporter: Song Liu
- source: https://www.exploit-db.com/download/25383/
- title: Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability 1
Nessus
- NASL family: Windows
- NASL id: SMB_KB893066.NASL
- description: The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a denial of service attack against a vulnerable system.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18028
- published: 2005-04-12
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18028
- title: MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)

code:

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18028);
  script_version("1.37");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2005-0048", "CVE-2004-0790", "CVE-2004-1060", "CVE-2004-0230", "CVE-2005-0688");
  script_bugtraq_id(13124, 13116);
  script_xref(name:"MSFT", value:"MS05-019");
  script_xref(name:"MSKB", value:"893066");

  script_name(english:"MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066) (uncredentialed check)");
  script_summary(english:"Checks for hotfix KB893066");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP stack.");
  script_set_attribute(attribute:"description", value:
"The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw may allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host or to perform a denial of service attack against the remote host.
Proof of concept code is available to perform a denial of service attack against a vulnerable system.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-019");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows 2000, XP and 2003.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/12");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("tcp_seq_window.nasl", "os_fingerprint.nasl");
  script_require_keys("TCP/seq_window_flaw", "Host/OS", "Settings/ParanoidReport");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

os = get_kb_item_or_exit("Host/OS");
conf = get_kb_item_or_exit("Host/OS/Confidence");
if (conf <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");

if ("Windows" >!< os) exit(0, "The host is not running Windows.");
if ("Windows 4.0" >< os) exit(0, "Windows NT is not reported to be affected.");
if ("Windows Server 2003 Service Pack" >< os) exit(0, "Windows 2003 SP1 and later are not reported to be affected.");

if (ereg(pattern:"Windows (95|98|ME|XP|Server 2003)", string:os))
{
  if (get_kb_item("TCP/seq_window_flaw"))
  {
    security_hole(port:get_kb_item("SMB/transport"));
    exit(0);
  }
  else exit(0, "The host is not affected.");
}
else exit(0, "The host is not running one of the versions of Windows reportedly affected.");
```
- NASL family: Windows : Microsoft Bulletins
- NASL id: SMB_NT_MS05-019.NASL
- description: The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18023
- published: 2005-04-12
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18023
- title: MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066)

code:

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18023);
  script_version("1.43");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id(
    "CVE-2004-0230",
    "CVE-2004-0790",
    "CVE-2004-1060",
    "CVE-2005-0048",
    "CVE-2005-0065",
    "CVE-2005-0066",
    "CVE-2005-0067",
    "CVE-2005-0068",
    "CVE-2005-0688"
  );
  script_bugtraq_id(13116, 13124, 13658);
  script_xref(name:"MSFT", value:"MS05-019");
  script_xref(name:"CERT", value:"222750");
  script_xref(name:"CERT", value:"233754");
  script_xref(name:"CERT", value:"396645");
  script_xref(name:"CERT", value:"415294");
  script_xref(name:"EDB-ID", value:"276");
  script_xref(name:"EDB-ID", value:"291");
  script_xref(name:"EDB-ID", value:"861");
  script_xref(name:"EDB-ID", value:"948");
  script_xref(name:"EDB-ID", value:"24030");
  script_xref(name:"EDB-ID", value:"24031");
  script_xref(name:"EDB-ID", value:"24032");
  script_xref(name:"EDB-ID", value:"24033");
  script_xref(name:"EDB-ID", value:"25383");
  script_xref(name:"EDB-ID", value:"25388");
  script_xref(name:"EDB-ID", value:"25389");
  script_xref(name:"MSKB", value:"893066");

  script_name(english:"MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution (893066)");
  script_summary(english:"Checks the remote registry for 893066");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP stack.");
  script_set_attribute(attribute:"description", value:
"The remote host runs a version of Windows that has a flaw in its TCP/IP stack. The flaw could allow an attacker to execute arbitrary code with SYSTEM privileges on the remote host, or to perform a denial of service attack against the remote host. Proof of concept code is available to perform a Denial of Service against a vulnerable system.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-019");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and 2003.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/12");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows : Microsoft Bulletins");
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');
  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-019';
kb = '893066';
kbs = make_list(kb);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Tcpip.sys", version:"5.2.3790.336", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Tcpip.sys", version:"5.1.2600.1693", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Tcpip.sys", version:"5.1.2600.2685", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Tcpip.sys", version:"5.0.2195.7049", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
```
Oval
- accepted: 2011-05-16T04:01:43.341-04:00
- class: vulnerability
- contributors:
  - name: Matthew Burton; organization: The MITRE Corporation
  - name: John Hoyland; organization: Centennial Software
  - name: Dragos Prisaca; organization: Gideon Technologies, Inc.
  - name: Brendan Miles; organization: The MITRE Corporation
  - name: Sudhir Gandhe; organization: Telos
  - name: Shane Shaffer; organization: G2, Inc.
- description: Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
- family: windows
- id: oval:org.mitre.oval:def:1744
- status: accepted
- submitted: 2005-08-18T04:00:00.000-04:00
- title: WinXP IP Validation Vulnerability
- version: 42

- accepted: 2011-05-16T04:02:54.172-04:00
- class: vulnerability
- contributors:
  - name: Matthew Burton; organization: The MITRE Corporation
  - name: John Hoyland; organization: Centennial Software
  - name: Sudhir Gandhe; organization: Telos
  - name: Shane Shaffer; organization: G2, Inc.
- description: Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
- family: windows
- id: oval:org.mitre.oval:def:3824
- status: accepted
- submitted: 2005-04-22T12:00:00.000-04:00
- title: Win2k IP Validation Vulnerability
- version: 39

- accepted: 2013-09-02T04:05:45.969-04:00
- class: vulnerability
- contributors:
  - name: Matthew Burton; organization: The MITRE Corporation
  - name: John Hoyland; organization: Centennial Software
  - name: Sudhir Gandhe; organization: Telos
  - name: Shane Shaffer; organization: G2, Inc.
  - name: Dragos Prisaca; organization: G2, Inc.
- description: Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
- family: windows
- id: oval:org.mitre.oval:def:4549
- status: accepted
- submitted: 2005-08-18T04:00:00.000-04:00
- title: Server 2003 IP Validation Vulnerability
- version: 41
References
- http://xforce.iss.net/xforce/alerts/id/192
- http://www.us-cert.gov/cas/techalerts/TA05-102A.html
- http://www.kb.cert.org/vuls/id/233754
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4549
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3824
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1744
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019