CVE-2005-0044 — Microsoft Exchange Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

50.9%

top 2.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server Microsoft Windows 2003 Server

Timeline

PublishedMay 2

Latest updateMay 1

Description

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

▶NVDmicrosoft/exchange_server5.0

Patches

Patch: www.kb.cert.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-m4w4-9m3w-pg34: The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5↗2022-05-01

▶

CVEList

CVE-2005-0044: The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5↗2005-02-08

▶