Описание
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-1987
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22495
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html
- http://marc.info/?l=bugtraq&m=112915118302012&w=2
- http://secunia.com/advisories/17167
- http://securitytracker.com/id?1015038
- http://securitytracker.com/id?1015039
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ907245
- http://support.microsoft.com/default.aspx?scid=kb;[LN];Q907245
- http://www.kb.cert.org/vuls/id/883460
- http://www.osvdb.org/19905
- http://www.securityfocus.com/bid/15067
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Связанные уязвимости
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.