CVE-2005-2118 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

42.5%

top 2.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedOct 21

Latest updateMay 1

Description

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_serverr2

🔴Vulnerability Details

GHSA

GHSA-vwf9-vv72-fw75: Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via↗2022-05-01

▶

CVEList

CVE-2005-2118: Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via↗2005-10-21

▶