10

CVE-2005-1208

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2003 Server Version64-bit
MicrosoftWindows 2003 Server Versiondatacenter_64-bit Updatesp1
MicrosoftWindows 2003 Server Versiondatacenter_64-bit Updatesp1_beta_1
MicrosoftWindows 2003 Server Versionenterprise Edition64-bit
MicrosoftWindows 2003 Server Versionenterprise Updatesp1
MicrosoftWindows 2003 Server Versionenterprise Updatesp1_beta_1
MicrosoftWindows 2003 Server Versionenterprise_64-bit
MicrosoftWindows 2003 Server Versionenterprise_64-bit Updatesp1
MicrosoftWindows 2003 Server Versionenterprise_64-bit Updatesp1_beta_1
MicrosoftWindows 2003 Server Versionr2 Edition64-bit
MicrosoftWindows 2003 Server Versionr2 Editiondatacenter_64-bit
MicrosoftWindows 2003 Server Versionr2 Updatesp1
MicrosoftWindows 2003 Server Versionr2 Updatesp1_beta_1
MicrosoftWindows 2003 Server Versionstandard Edition64-bit
MicrosoftWindows 2003 Server Versionstandard Updatesp1
MicrosoftWindows 2003 Server Versionstandard Updatesp1_beta_1
MicrosoftWindows 2003 Server Versionstandard_64-bit
MicrosoftWindows 2003 Server Versionweb Updatesp1
MicrosoftWindows 2003 Server Versionweb Updatesp1_beta_1
MicrosoftWindows 98 Updategold
MicrosoftWindows Xp Edition64-bit
MicrosoftWindows Xp Editionembedded
MicrosoftWindows Xp Editionhome
MicrosoftWindows Xp Editionmedia_center
MicrosoftWindows Xp Updategold
MicrosoftWindows Xp Updategold Editionprofessional
MicrosoftWindows Xp Updatesp1 Edition64-bit
MicrosoftWindows Xp Updatesp1 Editionembedded
MicrosoftWindows Xp Updatesp1 Editionhome
MicrosoftWindows Xp Updatesp1 Editionmedia_center
MicrosoftWindows Xp Updatesp1 Editiontablet_pc
MicrosoftWindows Xp Updatesp2 Editionhome
MicrosoftWindows Xp Updatesp2 Editionmedia_center
MicrosoftWindows Xp Updatesp2 Editiontablet_pc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 47.15% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA05-165A.html
Patch
Third Party Advisory
US Government Resource
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0062.html
Patch
Vendor Advisory
http://secunia.com/advisories/15683
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/851869
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/13953
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A381
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A463