Vulnerabilities > CVE-2005-0057 - Unspecified vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus

Summary

The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS05-015.NASL
descriptionThe remote host is running a version of Windows that contains a flaw in the Hyperlink Object Library that can be abused to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to construct a malicious hyperlink and lure a victim into clicking it.
last seen2020-06-01
modified2020-06-02
plugin id16330
published2005-02-08
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16330
titleMS05-015: Vulnerability in the Hyperlink Object Library may allow code execution (888113)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(16330);
 script_version("1.34");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2005-0057");
 script_bugtraq_id(12479);
 script_xref(name:"MSFT", value:"MS05-015");
 script_xref(name:"CERT", value:"820427");
 script_xref(name:"MSKB", value:"888113");

 script_name(english:"MS05-015: Vulnerability in the Hyperlink Object Library may allow code execution (888113)");
 script_summary(english:"Checks for KB 888113 via the registry");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
client.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Windows that contains a flaw in
the Hyperlink Object Library that can be abused to execute arbitrary
code on the remote host.

To exploit this flaw, an attacker would need to construct a malicious
hyperlink and lure a victim into clicking it.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-015");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/08");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/08");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl" , "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-015';
kb = '888113';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Hlink.dll", version:"5.2.3790.225", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", file:"Hlink.dll", version:"5.2.3790.225", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Hlink.dll", version:"5.2.3790.227", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted2005-04-13T12:15:00.000-04:00
    classvulnerability
    contributors
    nameAndrew Buttner
    organizationThe MITRE Corporation
    descriptionThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
    familywindows
    idoval:org.mitre.oval:def:2570
    statusaccepted
    submitted2005-02-24T12:00:00.000-04:00
    titleWindows XP Hyperlink Object Library Unchecked Buffer Vulnerability
    version64
  • accepted2007-02-20T13:40:17.756-05:00
    classvulnerability
    contributors
    • nameChristine Walzer
      organizationThe MITRE Corporation
    • nameAndrew Buttner
      organizationThe MITRE Corporation
    • nameAndrew Buttner
      organizationThe MITRE Corporation
    descriptionThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
    familywindows
    idoval:org.mitre.oval:def:3203
    statusaccepted
    submitted2005-02-10T12:00:00.000-04:00
    titleServer 2003 Hyperlink Object Library Unchecked Buffer Vulnerability
    version65
  • accepted2005-03-23T08:09:00.000-04:00
    classvulnerability
    contributors
    nameChristine Walzer
    organizationThe MITRE Corporation
    descriptionThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
    familywindows
    idoval:org.mitre.oval:def:713
    statusaccepted
    submitted2005-02-10T12:00:00.000-04:00
    titleWindows 2000 Hyperlink Object Library Unchecked Buffer Vulnerability
    version64