Lucene search

[email protected]CVE-2005-0044

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0044

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

input validation

vulnerability

windows

ole

remote code execution

cve-2005-0044

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.495 Medium

EPSS

Percentile

97.5%

JSON

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the “Input Validation Vulnerability.”

Affected configurations

NVD

Node

microsoftexchange_serverMatch5.0

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_2000sp3

microsoftwindows_2000sp4

microsoftwindows_2003_serverMatchenterprise64-bit

microsoftwindows_2003_serverMatchenterprise_64-bit

microsoftwindows_2003_serverMatchr264-bit

microsoftwindows_2003_serverMatchr2datacenter_64-bit

microsoftwindows_2003_serverMatchstandard64-bit

microsoftwindows_2003_serverMatchweb

microsoftwindows_98gold

microsoftwindows_98se

microsoftwindows_me

microsoftwindows_xp64-bit

microsoftwindows_xphome

microsoftwindows_xpmedia_center

microsoftwindows_xpgoldprofessional

microsoftwindows_xpsp164-bit

microsoftwindows_xpsp1home

microsoftwindows_xpsp1media_center

microsoftwindows_xpsp2home

microsoftwindows_xpsp2media_center

microsoftwindows_xpsp2tablet_pc

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq5.0

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	5.0

References

www.kb.cert.org/vuls/id/927889

www.us-cert.gov/cas/techalerts/TA05-039A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012

exchange.xforce.ibmcloud.com/vulnerabilities/19109

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3568

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4499

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.495 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2005-0044

cert1 nvd1 cvelist1 securityvulns1 nessus1