Vulnerability CVE-2005-0058

Vulnerability Name:

CVE-2005-0058 (CCN-21599)

Assigned:

2005-08-09

Published:

2005-08-09

Updated:

2018-10-12

Summary:

Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-0058

Source: CCN
Type: SA16354
Microsoft Windows Telephony Service Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
16354

Source: CCN
Type: SECTRACK ID: 1014639
Microsoft Windows Telephony Service Remote Code Execution or Local Privilege Escalation

Source: SECTRACK
Type: UNKNOWN
1014639

Source: CCN
Type: CIAC Information Bulletin P-268
Vulnerability in Telephony Service

Source: CCN
Type: Microsoft Security Bulletin MS05-040
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

Source: BID
Type: UNKNOWN
14518

Source: CCN
Type: BID-14518
Microsoft Windows Telephony Service Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS05-040

Source: XF
Type: UNKNOWN
win-telephony-bo(21599)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100084

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100085

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100086

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100088

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1075

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1213

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1297

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1075	V	Windows XP TAPI Buffer Overflow	2011-05-16
oval:org.mitre.oval:def:1213	V	Windows 2000 TAPI Buffer Overflow	2011-05-16
oval:org.mitre.oval:def:1297	V	Server 2003 TAPI Buffer Overflow	2011-05-16

BACK