Vulnerability Description
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 5.0 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | enterprise |
| Microsoft | Windows 98 | All versions |
| Microsoft | Windows 98Se | All versions |
| Microsoft | Windows Me | All versions |
| Microsoft | Windows Xp | All versions |
References
- http://www.kb.cert.org/vuls/id/927889PatchUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.kb.cert.org/vuls/id/927889PatchUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-0044?
CVE-2005-0044 is a vulnerability with a CVSS score of 7.5 (HIGH). The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers...
How severe is CVE-2005-0044?
CVE-2005-0044 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0044?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 98, Microsoft Windows 98Se.