CVE-2005-1208 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

38.4%

top 2.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedJun 14

Latest updateMay 1

Description

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_server8 versions+7

Patches

Patch: archives.neohapsis.com ↗Patch: secunia.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-pwvv-h6j9-h528: Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code↗2022-05-01

▶

CVEList

CVE-2005-1208: Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code↗2005-06-15

▶