7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.495 Medium
EPSS
Percentile
97.5%
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the “Input Validation Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:exchange_server | microsoft exchange server | eq | 5.0 |
www.kb.cert.org/vuls/id/927889
www.us-cert.gov/cas/techalerts/TA05-039A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012
exchange.xforce.ibmcloud.com/vulnerabilities/19109
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3568
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4499