ID CVE-2004-0897
Summary The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2005-05-04T12:33:00.000-04:00
    class vulnerability
    contributors
    name Harvey Rubinovitz
    organization The MITRE Corporation
    description The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
    family windows
    id oval:org.mitre.oval:def:2128
    status accepted
    submitted 2005-03-23T12:00:00.000-04:00
    title Windows 2003/64-bit XP Indexing Service Code Execution Vulnerability
    version 64
  • accepted 2011-05-16T04:02:30.010-04:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    description The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
    family windows
    id oval:org.mitre.oval:def:2447
    status accepted
    submitted 2005-03-23T12:00:00.000-04:00
    title Windows XP Indexing Service Code Execution Vulnerability
    version 73
refmap via4
bid 12228
cert-vn VU#657118
ciac P-095
ms MS05-003
sectrack 1012833
secunia 13802
Last major update 12-10-2018 - 21:35
Published 11-01-2005 - 05:00
Back to Top