ID CVE-2005-1208
Summary Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2011-05-16T04:00:14.579-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
    family windows
    id oval:org.mitre.oval:def:1057
    status accepted
    submitted 2005-06-20T12:00:00.000-04:00
    title Windows XP HTML Help Remote Code Execution Vulnerability
    version 32
  • accepted 2011-05-16T04:02:53.337-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
    family windows
    id oval:org.mitre.oval:def:381
    status accepted
    submitted 2005-06-20T12:00:00.000-04:00
    title Server 2003 HTML Help Remote Code Execution Vulnerability
    version 29
  • accepted 2011-05-16T04:03:02.244-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
    family windows
    id oval:org.mitre.oval:def:463
    status accepted
    submitted 2005-06-20T12:00:00.000-04:00
    title Windows 2000 HTML Help Remote Code Execution Vulnerability
    version 30
refmap via4
bid 13953
cert TA05-165A
cert-vn VU#851869
ms MS05-026
secunia 15683
vulnwatch 20050614 eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow
Last major update 12-10-2018 - 21:36
Published 14-06-2005 - 04:00
Back to Top