Lucene search

[email protected]CVE-2005-1987

HistoryOct 13, 2005 - 10:02 a.m.

CVE-2005-1987

2005-10-1310:02:00

CWE-120

[email protected]

web.nvd.nist.gov

cve-2005-1987

buffer overflow

collaboration data objects

cdo

microsoft windows

microsoft exchange server

remote code execution

email security

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.901 High

EPSS

Percentile

98.8%

JSON

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the “Content-Type” string.

Affected configurations

NVD

Node

microsoftexchange_serverMatch2000sp3

Node

microsoftwindows_2000Match-sp4fr

microsoftwindows_server_2003Match-itanium

microsoftwindows_server_2003Match-x64

microsoftwindows_server_2003Matchr2

microsoftwindows_server_2003Matchsp1

microsoftwindows_server_2003Matchsp1itanium

microsoftwindows_xpMatch-x64

microsoftwindows_xpMatch-sp1tablet_pc

microsoftwindows_xpMatch-sp2tablet_pc

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2000

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2000

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html

marc.info/?l=bugtraq&m=112915118302012&w=2

secunia.com/advisories/17167

securitytracker.com/id?1015038

securitytracker.com/id?1015039

support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ907245

www.kb.cert.org/vuls/id/883460

www.osvdb.org/19905

www.securityfocus.com/bid/15067

www.us-cert.gov/cas/techalerts/TA05-284A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048

exchange.xforce.ibmcloud.com/vulnerabilities/22495

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.901 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2005-1987

checkpoint_advisories1 cvelist1 securityvulns2 nvd1 nessus1 cert1