Oval Definition:oval:org.mitre.oval:def:1297
Revision Date:2011-05-16Version:45
Title:Server 2003 TAPI Buffer Overflow
Description:Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-0058
Platform(s):Microsoft Windows Server 2003
Product(s):Telephony Service
Definition Synopsis
  • Software section
  • Windows Server 2003 is installed
  • AND a vulnerable version of tapisrv.dll exists
  • for 32-bit or 64-bit (itanium architecture) Windows gold edition a vulnerable version of tapisrv.dll exists
  • 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed
  • 32-Bit version of Windows is installed
  • OR a version of Windows for the ia64 architecture is installed
  • AND NOT Win2K/XP/2003 is patched
  • AND the version of tapisrv.dll is less than 5.2.3790.366
  • OR for 32-bit or 64-bit (itanium architecture) Windows with SP1 a vulnerable version of tapisrv.dll exists
  • 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed
  • 32-Bit version of Windows is installed
  • OR a version of Windows for the ia64 architecture is installed
  • AND Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of tapisrv.dll is less than 5.2.3790.2483
  • OR for 64-bit (x64 arch) Windows (gold edition) a vulnerable version of tapisrv.dll exists
  • 64-Bit (x64 architecture) version of Windows is installed
  • AND NOT Win2K/XP/2003 is patched
  • AND the version of tapisrv.dll is less than 5.2.3790.2483
  • AND NOT the patch kb893756 is installed (Hotfix key)
  • AND Configuration section
  • the Telephony service is enabled
    • BACK