Vulnerabilities > CVE-2005-0063 - Remote Code Execution vulnerability in Microsoft Windows Shell
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 21 |
Exploit-Db
description | MS Windows (HTA) Script Execution Exploit (MS05-016). CVE-2005-0063. Local exploit for windows platform |
id | EDB-ID:938 |
last seen | 2016-01-31 |
modified | 2005-04-14 |
published | 2005-04-14 |
reporter | ZwelL |
source | https://www.exploit-db.com/download/938/ |
title | Microsoft Windows - HTA Script Execution Exploit MS05-016 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-016.NASL |
description | The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to elevate his privileges and/or execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or into opening a malicious file attachment. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18020 |
published | 2005-04-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18020 |
title | MS05-016: Vulnerability in Windows Shell (893086) |
code |
|
Oval
accepted 2011-05-16T04:02:24.596-04:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. family windows id oval:org.mitre.oval:def:2184 status accepted submitted 2005-05-04T12:00:00.000-04:00 title MSHTA Code Execution Vulnerability (64-bit XP,SP1) version 68 accepted 2011-05-16T04:02:46.707-04:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. family windows id oval:org.mitre.oval:def:3456 status accepted submitted 2005-05-04T12:00:00.000-04:00 title MSHTA Code Execution Vulnerability (32-bit XP,SP1) version 69 accepted 2007-02-20T13:40:29.778-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software
description The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. family windows id oval:org.mitre.oval:def:407 status accepted submitted 2005-05-04T12:00:00.000-04:00 title MSHTA Code Execution Vulnerability (32-bit Server 2003) version 65 accepted 2011-05-16T04:03:03.562-04:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. family windows id oval:org.mitre.oval:def:4710 status accepted submitted 2005-05-04T12:00:00.000-04:00 title MSHTA Code Execution Vulnerability (Windows 2000) version 69 accepted 2011-05-16T04:03:12.926-04:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. family windows id oval:org.mitre.oval:def:573 status accepted submitted 2005-05-04T12:00:00.000-04:00 title MSHTA Code Execution Vulnerability (32-bit XP,SP2) version 69 accepted 2007-02-20T13:40:47.817-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software
description The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. family windows id oval:org.mitre.oval:def:587 status accepted submitted 2005-05-04T12:00:00.000-04:00 title MSHTA Code Execution Vulnerability (64-bit Server 2003 and XP Version 2003) version 66
References
- http://marc.info/?l=bugtraq&m=111755356016155&w=2
- http://www.idefense.com/application/poi/display?id=231&type=vulnerabilities
- http://www.securiteam.com/exploits/5YP0T0AFFW.html
- http://www.securityfocus.com/bid/13132
- http://www.vupen.com/english/advisories/2005/0335
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3456
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A407
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4710
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A573
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A587