CVE-2005-1987
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
13/10/2005
Last modified:
03/04/2025
Description
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:-:sp4:*:fr:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:itanium:* | ||
| cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2003:sp1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2003:sp1:*:*:*:*:*:itanium:* | ||
| cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:tablet_pc:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:tablet_pc:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html
- http://marc.info/?l=bugtraq&m=112915118302012&w=2
- http://secunia.com/advisories/17167
- http://securitytracker.com/id?1015038=
- http://securitytracker.com/id?1015039=
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ907245
- http://www.kb.cert.org/vuls/id/883460
- http://www.osvdb.org/19905
- http://www.securityfocus.com/bid/15067
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22495
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html
- http://marc.info/?l=bugtraq&m=112915118302012&w=2
- http://secunia.com/advisories/17167
- http://securitytracker.com/id?1015038=
- http://securitytracker.com/id?1015039=
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ907245
- http://www.kb.cert.org/vuls/id/883460
- http://www.osvdb.org/19905
- http://www.securityfocus.com/bid/15067
- http://www.us-cert.gov/cas/techalerts/TA05-284A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22495
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848