| Vulnerability Name: | CVE-2005-0545 (CCN-19461) | ||||||||
| Assigned: | 2005-02-23 | ||||||||
| Published: | 2005-02-23 | ||||||||
| Updated: | 2019-04-30 | ||||||||
| Summary: | Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. Note: this issue has been disputed in a followup post. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Feb 23 2005 - 12:58:22 CST Office 10 applications & flashdrives can be used to browse restricted drives Source: MITRE Type: CNA CVE-2005-0545 Source: BUGTRAQ Type: UNKNOWN 20050225 Re: Office 10 applications & flashdrives can be used to browse restricted Source: CCN Type: Microsoft Knowledge Base Article 302753 OFF2000: Office Programs Can Browse Restricted Drives Source: CCN Type: OSVDB ID: 14182 Microsoft Windows Drive Restriction Group Policy Bypass Source: CCN Type: Securiteam Web site, Windows NT focus 24 Feb 2005 Office Programs Can Browse Restricted Drives Source: BUGTRAQ Type: Vendor Advisory 20050223 Office 10 applications & flashdrives can be used to browse restricted drives Source: BID Type: UNKNOWN 12641 Source: CCN Type: BID-12641 Microsoft Windows 2000 Group Policy Bypass Vulnerability Source: XF Type: UNKNOWN office-information-disclosure(19461) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||