Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0047 — Microsoft Windows 2003 Server vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

8.9%

top 7.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedMay 2

Latest updateMay 1

Description

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

Patches

Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-4q9j-c8xc-j26g: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to e↗2022-05-01

▶

CVEList

CVE-2005-0047: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to e↗2005-02-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - COM Structured Storage Local (MS05-012)↗2005-05-31

▶