| Vulnerability Name: | CVE-2005-3172 (CCN-24403) | ||||||||
| Assigned: | 2005-06-28 | ||||||||
| Published: | 2005-06-28 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-3172 Source: CCN Type: Microsoft Knowledge Base Article 824867 WideCharToMultiByte Function Does Not Convert Japanese Composite Characters Correctly Source: MSKB Type: Patch, Vendor Advisory 824867 Source: CCN Type: Microsoft Knowledge Base Article 900345 Fixes that are included in the Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is dated June 28, 2005 Source: MSKB Type: Patch, Vendor Advisory 900345 Source: CCN Type: Microsoft Security Advisory (891861) Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4) Source: CCN Type: OSVDB ID: 19997 Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed Source: XF Type: UNKNOWN win2k-widechartomultibyte-conversion(24403) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||