1. Home
  2. CVE Database
  3. CVE-2005-0063
HIGH · 7.5

CVE-2005-0063

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID st...

Vulnerability Description

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MicrosoftWindows 2000All versions
MicrosoftWindows 2003 Serverenterprise
MicrosoftWindows 98All versions
MicrosoftWindows 98SeAll versions
MicrosoftWindows MeAll versions
MicrosoftWindows XpAll versions

References

FAQ

What is CVE-2005-0063?

CVE-2005-0063 is a vulnerability with a CVSS score of 7.5 (HIGH). The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID st...

How severe is CVE-2005-0063?

CVE-2005-0063 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-0063?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 98, Microsoft Windows 98Se, Microsoft Windows Me.