ID CVE-2005-0058
Summary Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
References
Vulnerable Configurations
  • Microsoft Windows 2000
    cpe:2.3:o:microsoft:windows_2000
  • cpe:2.3:o:microsoft:windows_2003_server:r2
    cpe:2.3:o:microsoft:windows_2003_server:r2
  • Microsoft windows 98_gold
    cpe:2.3:o:microsoft:windows_98:-:gold
  • Microsoft windows 98_se
    cpe:2.3:o:microsoft:windows_98se
  • Microsoft Windows ME
    cpe:2.3:o:microsoft:windows_me
  • Microsoft windows xp_gold
    cpe:2.3:o:microsoft:windows_xp:-:gold
CVSS
Base: 7.5 (as of 10-08-2005 - 07:34)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description MS Windows Telephony Service Command Execution Exploit (MS05-040). CVE-2005-0058. Local exploit for windows platform
id EDB-ID:1584
last seen 2016-01-31
modified 2006-03-14
published 2006-03-14
reporter Cesar Cerrudo
source https://www.exploit-db.com/download/1584/
title Microsoft Windows Telephony Service Command Execution Exploit MS05-040
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-040.NASL
description The remote host contains a version of the Telephony service that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code and take control of the remote host. On Windows 2000 and Windows 2003 the server must be enabled and only authenticated user can try to exploit this flaw. On Windows 2000 Pro and Windows XP this is a local elevation of privilege vulnerability.
last seen 2019-02-21
modified 2018-11-15
plugin id 19403
published 2005-08-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19403
title MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
oval via4
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:100084
    status deprecated
    submitted 2005-08-16T12:00:00.000-04:00
    title DEPRECATED: Windows XP,SP1 TAPI Buffer Overflow
    version 65
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:100085
    status deprecated
    submitted 2005-08-16T12:00:00.000-04:00
    title Test Consolidated to OVAL Definition 1075
    version 65
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:100086
    status deprecated
    submitted 2005-08-16T12:00:00.000-04:00
    title Test Consolidated to OVAL Definition 1075
    version 65
  • accepted 2005-10-12T05:49:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:100088
    status deprecated
    submitted 2005-08-16T12:00:00.000-04:00
    title Test Consolidated to OVAL Definition 1297
    version 65
  • accepted 2011-05-16T04:00:17.131-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:1075
    status accepted
    submitted 2005-08-11T04:00:00.000-04:00
    title Windows XP TAPI Buffer Overflow
    version 70
  • accepted 2011-05-16T04:00:33.867-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:1213
    status accepted
    submitted 2005-08-11T04:00:00.000-04:00
    title Windows 2000 TAPI Buffer Overflow
    version 68
  • accepted 2011-05-16T04:00:48.913-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
    family windows
    id oval:org.mitre.oval:def:1297
    status accepted
    submitted 2005-08-11T04:00:00.000-04:00
    title Server 2003 TAPI Buffer Overflow
    version 67
refmap via4
bid 14518
ms MS05-040
sectrack 1014639
secunia 16354
saint via4
bid 14518
description Windows Telephony API buffer overflow
id win_patch_telephony
osvdb 18606
title windows_tapi
type local
Last major update 10-09-2008 - 15:34
Published 10-08-2005 - 00:00
Last modified 12-10-2018 - 17:36
Back to Top