Vulnerability Name:

CVE-2005-1208 (CCN-20821)

Assigned:2005-06-14
Published:2005-06-14
Updated:2018-10-12
Summary:Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: VulnWatch Mailing List, Tue Jun 14 2005 - 18:57:58 CDT
eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow

Source: VULNWATCH
Type: Patch, Vendor Advisory
20050614 eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow

Source: MITRE
Type: CNA
CVE-2005-1208

Source: CCN
Type: SA15683
Microsoft Windows HTML Help Input Validation Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
15683

Source: CCN
Type: US-CERT VU#851869
Microsoft HTML Help vulnerable to integer overflow

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#851869

Source: CCN
Type: Microsoft Security Bulletin MS05-026
Vulnerability in HTML Help Could Allow Remote Code Execution (896358)

Source: BID
Type: UNKNOWN
13953

Source: CCN
Type: BID-13953
Microsoft Windows HTML Help Remote Code Execution Vulnerability

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
TA05-165A

Source: MS
Type: UNKNOWN
MS05-026

Source: XF
Type: UNKNOWN
win-htmlhelp-code-execution(20821)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1057

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:381

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:463

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:381
    V
    		Server 2003 HTML Help Remote Code Execution Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:463
    V
    		Windows 2000 HTML Help Remote Code Execution Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:1057
    V
    		Windows XP HTML Help Remote Code Execution Vulnerability
    2011-05-16
    BACK
    microsoft windows 2000 *
    microsoft windows 2003 server 64-bit
    microsoft windows 2003 server datacenter_64-bit sp1
    microsoft windows 2003 server datacenter_64-bit sp1_beta_1
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise sp1
    microsoft windows 2003 server enterprise sp1_beta_1
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server enterprise_64-bit sp1
    microsoft windows 2003 server enterprise_64-bit sp1_beta_1
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2 sp1
    microsoft windows 2003 server r2 sp1_beta_1
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard sp1
    microsoft windows 2003 server standard sp1_beta_1
    microsoft windows 2003 server standard_64-bit
    microsoft windows 2003 server web
    microsoft windows 2003 server web sp1
    microsoft windows 2003 server web sp1_beta_1
    microsoft windows 98 * gold
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows 98 *
    microsoft windows 98se *
    microsoft windows me *
    microsoft windows 2000 - sp3
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows 2003 server *
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium