CVE-2005-2122 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 2003 Server

3 documents3 sources

Severity

10.0CRITICALNVD

CNA5.1

EPSS

45.1%

top 2.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedOct 21

Latest updateMay 1

Description

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_serverr2

🔴Vulnerability Details

GHSA

GHSA-9277-v8gr-qjq4: Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (↗2022-05-01

▶

CVEList

CVE-2005-2122: Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (↗2005-10-21

▶