CVE-2005-1987

EPSS 59.29%
Published 13.10.2005 10:02:00
Last modified 03.04.2025 01:03:51
Source secure@microsoft.com
Teams watchlist Login
Open Login

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2000 Updatesp3

Microsoft ≫ Windows 2000 Version- Updatesp4 Langfr

Microsoft ≫ Windows Server 2003 Version- HwPlatformitanium

Microsoft ≫ Windows Server 2003 Version- HwPlatformx64

Microsoft ≫ Windows Server 2003 Versionr2

Microsoft ≫ Windows Server 2003 Versionsp1

Microsoft ≫ Windows Server 2003 Versionsp1 HwPlatformitanium

Microsoft ≫ Windows Xp Version- HwPlatformx64

Microsoft ≫ Windows Xp Version- Updatesp1 SwEditiontablet_pc

Microsoft ≫ Windows Xp Version- Updatesp2 SwEditiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	59.29%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://www.us-cert.gov/cas/techalerts/TA05-284A.html

Third Party Advisory

US Government Resource

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html

Broken Link

http://marc.info/?l=bugtraq&m=112915118302012&w=2

Third Party Advisory

Mailing List

http://secunia.com/advisories/17167

Third Party Advisory

http://securitytracker.com/id?1015038

Third Party Advisory