ID CVE-2005-1987
Summary Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
References
Vulnerable Configurations
  • Microsoft Exchange Server 2000 Service Pack 3
    cpe:2.3:a:microsoft:exchange_server:2000:sp3
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:-:fr
    cpe:2.3:o:microsoft:windows_2000:-:sp4:-:fr
  • cpe:2.3:o:microsoft:windows_2003_server:64-bit
    cpe:2.3:o:microsoft:windows_2003_server:64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:itanium
    cpe:2.3:o:microsoft:windows_2003_server:itanium
  • cpe:2.3:o:microsoft:windows_2003_server:r2
    cpe:2.3:o:microsoft:windows_2003_server:r2
  • cpe:2.3:o:microsoft:windows_2003_server:sp1
    cpe:2.3:o:microsoft:windows_2003_server:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:-:itanium
    cpe:2.3:o:microsoft:windows_2003_server:sp1:-:itanium
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • Microsoft windows xp_sp1 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp1:tablet_pc
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 7.5 (as of 14-10-2005 - 11:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-048.NASL
description An unchecked buffer condition could allow an attacker to execute arbitrary code on the remote host. To execute this flaw, an attacker would need to send a malformed message via SMTP to the remote host, either by using the SMTP server (if Exchange is installed) or by sending an email to a user on the remote host. When the email is processed by CDO, an unchecked buffer may allow cause code execution.
last seen 2019-02-21
modified 2018-11-15
plugin id 20001
published 2005-10-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=20001
title MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
oval via4
  • accepted 2011-05-16T04:00:21.543-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:1130
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOSYS Message Processing (Server 2003)
    version 68
  • accepted 2014-09-29T04:00:08.199-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Dragos Prisaca
      organization G2, Inc.
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:1201
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOEX Message Processing
    version 78
  • accepted 2011-05-16T04:00:55.373-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:1406
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOSYS Message Processing (WinXP,SP1)
    version 67
  • accepted 2011-05-16T04:00:57.283-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:1420
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOSYS Message Processing (Win2K,SP4)
    version 68
  • accepted 2011-05-16T04:01:11.512-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:1515
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOSYS Message Processing (WinXP,SP2)
    version 68
  • accepted 2011-05-16T04:03:13.817-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:581
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOSYS Message Processing (Server 2003,SP1)
    version 67
  • accepted 2011-05-16T04:03:32.681-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
    family windows
    id oval:org.mitre.oval:def:848
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Buffer Overflow in CDOSYS Message Processing (64-bit WinXP,SP1)
    version 67
refmap via4
bid 15067
bugtraq 20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
cert TA05-284A
cert-vn VU#883460
fulldisc 20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
ms MS05-048
mskb Q907245
osvdb 19905
sectrack
  • 1015038
  • 1015039
secunia 17167
xf win-cdo-bo(22495)
Last major update 17-10-2016 - 23:23
Published 13-10-2005 - 06:02
Last modified 12-10-2018 - 17:36
Back to Top