Vulnerability CVE-2005-0047

Vulnerability Name:

CVE-2005-0047 (CCN-19105)

Assigned:

2005-02-08

Published:

2005-02-08

Updated:

2019-04-30

Summary:

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2005-0047

Source: BUGTRAQ
Type: UNKNOWN
20050530 [Argeniss] MS05-012 Exploit

Source: MISC
Type: UNKNOWN
http://www.argeniss.com/research/SSExploit.c

Source: CCN
Type: CIAC Information Bulletin P-128
Microsoft Vulnerability in OLE and COM

Source: CCN
Type: US-CERT VU#597889
Microsoft COM Structured Storage Vulnerability

Source: CERT-VN
Type: Patch, US Government Resource
VU#597889

Source: CCN
Type: Microsoft Security Bulletin MS05-012
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

Source: CCN
Type: Microsoft Security Bulletin MS05-051
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

Source: CCN
Type: Microsoft Security Bulletin MS06-018
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)

Source: CCN
Type: BID-12483
Microsoft Windows COM Structured Storage Local Privilege Escalation Vulnerability

Source: CERT
Type: Patch, US Government Resource
TA05-039A

Source: MS
Type: UNKNOWN
MS05-012

Source: XF
Type: UNKNOWN
win-com-gain-privileges(19105)

Source: XF
Type: UNKNOWN
win-com-gain-privileges(19105)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1159

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2351

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2892

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:901

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:xp:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:xp:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:2003:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:5.0:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:2003:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/a:microsoft:office:2003:sp1:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1159	V	Windows 2000 COM Structured Storage Vulnerability	2011-05-16
oval:org.mitre.oval:def:2351	V	Windows XP,SP2 COM Structured Storage Vulnerability	2011-05-16
oval:org.mitre.oval:def:2892	V	Windows XP,SP1 COM Structured Storage Vulnerability	2011-05-16
oval:org.mitre.oval:def:901	V	Server 2003 COM Structured Storage Vulnerability	2005-04-13

BACK