CVE-2005-0047

Sažetak

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

Reference

http://marc.info/?l=bugtraq&m=111755870828817&w=2
http://www.argeniss.com/research/SSExploit.c
http://www.kb.cert.org/vuls/id/597889
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012
https://exchange.xforce.ibmcloud.com/vulnerabilities/19105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1159
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A901

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-04-2019 - 14:27

Objavljeno

02-05-2005 - 04:00