CVE-2005-3172 — MEDIUM (5.0)

Vulnerability Description

The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Microsoft	Windows 2000	All versions

References

http://support.microsoft.com/kb/824867PatchVendor Advisory
http://support.microsoft.com/kb/900345PatchVendor Advisory
http://support.microsoft.com/kb/824867PatchVendor Advisory
http://support.microsoft.com/kb/900345PatchVendor Advisory

FAQ

What is CVE-2005-3172?

CVE-2005-3172 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could preven...

How severe is CVE-2005-3172?

CVE-2005-3172 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-3172?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000.