CVE-2005-1987

Опубликовано: 13 окт. 2005

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html
Broken Link
http://marc.info/?l=bugtraq&m=112915118302012&w=2
Mailing List
Third Party Advisory
http://secunia.com/advisories/17167
Third Party Advisory
http://securitytracker.com/id?1015038
Third Party Advisory
VDB Entry
http://securitytracker.com/id?1015039
Third Party Advisory
VDB Entry
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ907245
http://www.kb.cert.org/vuls/id/883460
Third Party Advisory
US Government Resource
http://www.osvdb.org/19905
Broken Link
http://www.securityfocus.com/bid/15067
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/22495
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848
Third Party Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:fr:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:sp1:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:sp1:*:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:tablet_pc:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:tablet_pc:*:*:*

EPSS

Процентиль: 98%

0.57021

Средний

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-pfww-hw2q-8mc3

github

почти 4 года назад