CVE-2005-1208

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Xp; Windows 2000; Windows 98
Vendor: CVE Published:; 14 June 2005

Summary

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

References

http://www.securityfocus.com/bid/13953

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/15683

third-party-advisoryx_refsource_SECUNIA

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 14, 2005
Vulnerability Reserved
Apr 22, 2005

Collectors

NVD DatabaseMitre Database