CVE-2005-1978 - COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local u

CVE-2005-1978

Summary

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

CVSS

Base:	7.5 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2011-05-16T04:00:42.741-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

family

windows

oval:org.mitre.oval:def:1261

status

accepted

submitted

2005-10-12T12:00:00.000-04:00

title

COM+ Memory Structures Process Permits Remote Code Execution (64-bit XP,SP1)

version

accepted

2011-05-16T04:00:45.483-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

family

windows

oval:org.mitre.oval:def:1269

status

accepted

submitted

2005-10-12T12:00:00.000-04:00

title

COM+ Memory Structures Process Permits Remote Code Execution (WinXP,SP1)

version

accepted

2011-05-16T04:01:04.545-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

family

windows

oval:org.mitre.oval:def:1466

status

accepted

submitted

2005-10-12T12:00:00.000-04:00

title

COM+ Memory Structures Process Permits Remote Code Execution (Server 2003)

version

accepted

2011-05-16T04:01:09.272-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

family

windows

oval:org.mitre.oval:def:1499

status

accepted

submitted

2005-10-12T12:00:00.000-04:00

title

COM+ Memory Structures Process Permits Remote Code Execution (XP,SP2)

version

accepted

2011-05-16T04:03:13.535-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

family

windows

oval:org.mitre.oval:def:576

status

accepted

submitted

2005-10-12T12:00:00.000-04:00

title

COM+ Memory Structures Process Permits Remote Code Execution (Server 2003,SP1)

version

accepted

2011-05-16T04:03:32.111-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name John Hoyland
organization Centennial Software
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

family

windows

oval:org.mitre.oval:def:816

status

accepted

submitted

2005-10-12T12:00:00.000-04:00

title

COM+ Memory Structures Process Permits Remote Code Execution (Win2k,SP4)

version

refmap via4

bid	15057
cert	TA05-284A
cert-vn	VU#950516
confirm	http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
secunia	17161 17172 17223 17509

Last major update

12-10-2018 - 21:36

Published

12-10-2005 - 13:04

Last modified

12-10-2018 - 21:36