Vulnerability Name: CVE-2005-1208 (CCN-20821)
Assigned: 2005-06-14
Published: 2005-06-14
Updated: 2018-10-12
Summary: Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: VulnWatch Mailing List, Tue Jun 14 2005 - 18:57:58 CDT
    eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow
  Source: VULNWATCH Type: Patch, Vendor Advisory
    20050614 eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow
  Source: MITRE Type: CNA
    CVE-2005-1208
  Source: CCN Type: SA15683
    Microsoft Windows HTML Help Input Validation Vulnerability
  Source: SECUNIA Type: Patch, Vendor Advisory
    15683
  Source: CCN Type: US-CERT VU#851869
    Microsoft HTML Help vulnerable to integer overflow
  Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource
    VU#851869
  Source: CCN Type: Microsoft Security Bulletin MS05-026
    Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
  Source: BID Type: UNKNOWN
    13953
  Source: CCN Type: BID-13953
    Microsoft Windows HTML Help Remote Code Execution Vulnerability
  Source: CERT Type: Patch, Third Party Advisory, US Government Resource
    TA05-165A
  Source: MS Type: UNKNOWN
    MS05-026
  Source: XF Type: UNKNOWN
    win-htmlhelp-code-execution(20821)
  Source: OVAL Type: UNKNOWN
    oval:org.mitre.oval:def:1057
  Source: OVAL Type: UNKNOWN
    oval:org.mitre.oval:def:381
  Source: OVAL Type: UNKNOWN
    oval:org.mitre.oval:def:463
Vulnerable Configuration:
  Configuration 1:
    cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
  Configuration CCN 1:
    cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:* OR
    cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:* OR
    cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
microsoft windows 2000 *
microsoft windows 2003 server 64-bit
microsoft windows 2003 server datacenter_64-bit sp1
microsoft windows 2003 server datacenter_64-bit sp1_beta_1
microsoft windows 2003 server enterprise
microsoft windows 2003 server enterprise sp1
microsoft windows 2003 server enterprise sp1_beta_1
microsoft windows 2003 server enterprise_64-bit
microsoft windows 2003 server enterprise_64-bit sp1
microsoft windows 2003 server enterprise_64-bit sp1_beta_1
microsoft windows 2003 server r2
microsoft windows 2003 server r2
microsoft windows 2003 server r2
microsoft windows 2003 server r2 sp1
microsoft windows 2003 server r2 sp1_beta_1
microsoft windows 2003 server standard
microsoft windows 2003 server standard sp1
microsoft windows 2003 server standard sp1_beta_1
microsoft windows 2003 server standard_64-bit
microsoft windows 2003 server web
microsoft windows 2003 server web sp1
microsoft windows 2003 server web sp1_beta_1
microsoft windows 98 * gold
microsoft windows xp *
microsoft windows xp *
microsoft windows xp *
microsoft windows xp *
microsoft windows xp * gold
microsoft windows xp * gold
microsoft windows xp * sp1
microsoft windows xp * sp1
microsoft windows xp * sp1
microsoft windows xp * sp1
microsoft windows xp * sp1
microsoft windows xp * sp2
microsoft windows xp * sp2
microsoft windows xp * sp2
microsoft windows 98 *
microsoft windows 98se *
microsoft windows me *
microsoft windows 2000 - sp3
microsoft windows xp - sp1
microsoft windows 2000 - sp4
microsoft windows 2003_server
microsoft windows 2003 server *
microsoft windows xp sp2
microsoft windows 2003 server -
microsoft windows 2003_server sp1
microsoft windows 2003_server sp1_itanium