Vulnerability CVE-2005-2118

Vulnerability Name:

CVE-2005-2118 (CCN-22478)

Assigned:

2005-10-11

Published:

2005-10-11

Updated:

2019-04-30

Summary:

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-2118

Source: CCN
Type: SA17168
Microsoft Windows Shell and Web View Three Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
17168

Source: CCN
Type: SA17172
Avaya Various Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
17172

Source: CCN
Type: SA17223
Nortel Centrex IP Client Manager Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
17223

Source: CCN
Type: SECTRACK ID: 1015040
Microsoft Windows Shell Bugs in Processing `.lnk` Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015040

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

Source: MISC
Type: Vendor Advisory
http://www.argeniss.com/research/MSBugPaper.pdf

Source: CCN
Type: Microsoft Security Bulletin MS05-049
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

Source: BID
Type: UNKNOWN
15070

Source: CCN
Type: BID-15070
Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability

Source: CERT
Type: Third Party Advisory, US Government Resource
TA05-284A

Source: MS
Type: UNKNOWN
MS05-049

Source: XF
Type: UNKNOWN
win-lnk-properties-execute-code(22478)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1116

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1192

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1116	V	.lnk File-Properties Remote Code Execution Vulnerability (Windows XP)	2011-05-16
oval:org.mitre.oval:def:1192	V	.lnk File-Properties Remote Code Execution Vulnerability (Windows 2000)	2011-05-16

BACK