Vulnerability CVE-2005-0063

Vulnerability Name:

CVE-2005-0063 (CCN-19835)

Assigned:

2005-04-12

Published:

2005-04-12

Updated:

2019-04-30

Summary:

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-0063

Source: BUGTRAQ
Type: UNKNOWN
20050529 Spam exploiting MS05-016

Source: CCN
Type: CIAC INFORMATION BULLETIN P-179
Vulnerability in Windows Shell (893086)

Source: IDEFENSE
Type: Patch
20050412 Microsoft MSHTA Script Execution Vulnerability

Source: CCN
Type: US-CERT VU#673051
Microsoft Windows opens OLE2 documents using a program specified internally by the document

Source: CCN
Type: Microsoft Security Bulletin MS05-016
Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)

Source: CCN
Type: Microsoft Security Bulletin MS05-049
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

Source: CCN
Type: Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Source: CCN
Type: Microsoft Security Bulletin MS06-045
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

Source: CCN
Type: Microsoft Security Bulletin MS06-057
Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

Source: CCN
Type: Microsoft Security Bulletin MS07-006
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/exploits/5YP0T0AFFW.html

Source: BID
Type: UNKNOWN
13132

Source: CCN
Type: BID-13132
Microsoft Windows Shell Remote Code Execution Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-0335

Source: MS
Type: UNKNOWN
MS05-016

Source: XF
Type: UNKNOWN
windows-htmlapphost-command-execution(19835)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2184

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3456

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:407

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4710

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:573

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:587

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:3456	V	MSHTA Code Execution Vulnerability (32-bit XP,SP1)	2011-05-16
oval:org.mitre.oval:def:573	V	MSHTA Code Execution Vulnerability (32-bit XP,SP2)	2011-05-16
oval:org.mitre.oval:def:4710	V	MSHTA Code Execution Vulnerability (Windows 2000)	2011-05-16
oval:org.mitre.oval:def:2184	V	MSHTA Code Execution Vulnerability (64-bit XP,SP1)	2011-05-16
oval:org.mitre.oval:def:407	V	MSHTA Code Execution Vulnerability (32-bit Server 2003)	2007-02-20
oval:org.mitre.oval:def:587	V	MSHTA Code Execution Vulnerability (64-bit Server 2003 and XP Version 2003)	2007-02-20

BACK