CVE-2005-0047
First published: Mon May 02 2005(Updated: )
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows Server 2003 | =web | |
| Microsoft Windows Server 2003 | =enterprise | |
| Microsoft Windows Server 2003 | =enterprise_64-bit | |
| Microsoft Windows XP | =gold | |
| Microsoft Windows 2000 | ||
| Microsoft Windows XP | ||
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows 2000 | =sp2 | |
| Microsoft Windows Server 2003 | =r2 | |
| Microsoft Windows 2000 | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows Server 2003 | =standard | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows Server 2003 | =r2 | |
| Microsoft Windows 2000 | =sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- http://www.kb.cert.org/vuls/id/597889
- http://www.argeniss.com/research/SSExploit.c
- http://marc.info/?l=bugtraq&m=111755870828817&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19105
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A901
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2892
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2351
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1159
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012
Frequently Asked Questions
What is the severity of CVE-2005-0047?
CVE-2005-0047 is considered critical as it can allow attackers to execute arbitrary code on affected systems.
How do I fix CVE-2005-0047?
To fix CVE-2005-0047, users should apply the latest security updates and patches provided by Microsoft for their affected Windows operating systems.
Which Windows versions are affected by CVE-2005-0047?
CVE-2005-0047 affects Windows 2000, Windows XP, and Windows Server 2003 in various service pack configurations.
What type of vulnerability is CVE-2005-0047 classified as?
CVE-2005-0047 is classified as a memory validation vulnerability in COM structured storage files.
Can CVE-2005-0047 be exploited remotely?
Yes, CVE-2005-0047 can potentially be exploited remotely if a malicious COM structured storage file is opened by a user.
- agent/type
- agent/event
- agent/first-publish-date
- agent/remedy
- agent/softwarecombine
- agent/references
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- vendor/windows xp
- vendor/windows 2003 server
- vendor/windows 2000
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/description
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/web
- version/microsoft windows server 2003/enterprise
- version/microsoft windows server 2003/enterprise_64-bit
- version/microsoft windows xp/gold
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/microsoft windows xp/sp2
- version/microsoft windows 2000/sp2
- version/microsoft windows server 2003/r2
- version/microsoft windows 2000/sp1
- version/microsoft windows server 2003/standard
- version/microsoft windows 2000/sp3