Code Execution Vulnerability in Microsoft Windows Document Processing Component
CVE-2005-0063

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows Xp
Windows 2003 Server
Windows 2000
Windows 98se
Vendor
CVE Published:
2 May 2005

What is CVE-2005-0063?

This vulnerability affects Microsoft Windows' document processing applications, particularly allowing attackers to execute arbitrary code by altering the CLSID stored in a file. If a malicious document is processed by the HTML Application Host (MSHTA), it may lead to unauthorized command execution. This has been demonstrated using Microsoft Word documents, making users vulnerable when opening documents crafted to exploit this flaw.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.