Code Execution Vulnerability in Microsoft Windows Document Processing Component
CVE-2005-0063

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows 2003 Server; Windows 2000; Windows 98se
Vendor: CVE Published:; 2 May 2005

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 69%

What is CVE-2005-0063?

This vulnerability affects Microsoft Windows' document processing applications, particularly allowing attackers to execute arbitrary code by altering the CLSID stored in a file. If a malicious document is processed by the HTML Application Host (MSHTA), it may lead to unauthorized command execution. This has been demonstrated using Microsoft Word documents, making users vulnerable when opening documents crafted to exploit this flaw.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2005-0063 - Proof of Concept

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

69% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 2, 2005
👾
Exploit known to exist
May 2, 2005
Vulnerability published
May 2, 2005
Vulnerability Reserved
Jan 11, 2005

CVE-2005-0063 Data

JSON