Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0058 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

26.8%

top 3.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedAug 10

Latest updateMay 1

Description

Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_serverr2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cg4x-3743-j4cc: Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows X↗2022-05-01

▶

CVEList

CVE-2005-0058: Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows X↗2005-08-10

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Telephony Service Command Execution (MS05-040)↗2006-03-14

▶