Oval Definition:oval:org.mitre.oval:def:1075
Revision Date:2011-05-16Version:48
Title:Windows XP TAPI Buffer Overflow
Description:Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-0058
Platform(s):Microsoft Windows XP
Product(s):Telephony Service
Definition Synopsis
  • Software section
  • Windows XP is installed
  • AND a vulnerable version of tapisrv.dll exists
  • 32-bit version of windows with SP1 or earlier is installed and vulnerable version of tapisrv.dll exists
  • 32-Bit version of Windows is installed
  • AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
  • AND the version of tapisrv.dll is less than 5.1.2600.1715
  • OR 32-bit version of windows with SP2 is installed and vulnerable version of tapisrv.dll exists
  • 32-Bit version of Windows is installed
  • AND Win2K/XP/2003/Vista/2008 service pack 2 is installed
  • AND the version of tapisrv.dll is less than 5.1.2600.2716
  • OR for 64-bit (x64 arch) Windows (gold edition) a vulnerable version of tapisrv.dll exists
  • 64-Bit (x64 architecture) version of Windows is installed
  • AND NOT Win2K/XP/2003 is patched
  • AND the version of tapisrv.dll is less than 5.2.3790.2483
  • AND NOT the patch kb893756 is installed (Hotfix key)
  • AND Configuration section
  • the Telephony service is enabled
    • BACK