Vulnerability Description
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | enterprise |
| Microsoft | Windows Xp | All versions |
References
- http://marc.info/?l=bugtraq&m=111755870828817&w=2
- http://www.argeniss.com/research/SSExploit.c
- http://www.kb.cert.org/vuls/id/597889PatchUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlPatchUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19105
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=111755870828817&w=2
- http://www.argeniss.com/research/SSExploit.c
- http://www.kb.cert.org/vuls/id/597889PatchUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-039A.htmlPatchUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-01
FAQ
What is CVE-2005-0047?
CVE-2005-0047 is a vulnerability with a CVSS score of 7.2 (HIGH). Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Sto...
How severe is CVE-2005-0047?
CVE-2005-0047 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0047?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp.