CVE-2005-0045

Current Description

The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.

Basic Data

PublishedMay 02, 2005
Last ModifiedApril 30, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegetrue
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMicrosoftWindows 2000********
    2.3OSMicrosoftWindows 2000*sp1******
    2.3OSMicrosoftWindows 2000*sp2******
    2.3OSMicrosoftWindows 2000*sp3******
    2.3OSMicrosoftWindows 2000*sp4******
    2.3OSMicrosoftWindows 2003 Serverenterprise*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverenterprise_64-bit*******
    2.3OSMicrosoftWindows 2003 Serverr2*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverr2*datacenter_64-bit*****
    2.3OSMicrosoftWindows 2003 Serverstandard*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverweb*******
    2.3OSMicrosoftWindows Nt4.0*enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0*server*****
    2.3OSMicrosoftWindows Nt4.0*terminal_server*****
    2.3OSMicrosoftWindows Nt4.0*workstation*****
    2.3OSMicrosoftWindows Nt4.0sp1enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp1server*****
    2.3OSMicrosoftWindows Nt4.0sp1terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp1workstation*****
    2.3OSMicrosoftWindows Nt4.0sp2enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp2server*****
    2.3OSMicrosoftWindows Nt4.0sp2terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp2workstation*****
    2.3OSMicrosoftWindows Nt4.0sp3enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp3server*****
    2.3OSMicrosoftWindows Nt4.0sp3terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp3workstation*****
    2.3OSMicrosoftWindows Nt4.0sp4enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp4server*****
    2.3OSMicrosoftWindows Nt4.0sp4terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp4workstation*****
    2.3OSMicrosoftWindows Nt4.0sp5enterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp5server*****
    2.3OSMicrosoftWindows Nt4.0sp5terminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp5workstation*****
    2.3OSMicrosoftWindows Nt4.0sp6aenterprise_server*****
    2.3OSMicrosoftWindows Nt4.0sp6aserver*****
    2.3OSMicrosoftWindows Nt4.0sp6aterminal_server*****
    2.3OSMicrosoftWindows Nt4.0sp6aworkstation*****
    2.3OSMicrosoftWindows Xp**64-bit*****
    2.3OSMicrosoftWindows Xp**home*****
    2.3OSMicrosoftWindows Xp**media_center*****
    2.3OSMicrosoftWindows Xp*goldprofessional*****
    2.3OSMicrosoftWindows Xp*sp164-bit*****
    2.3OSMicrosoftWindows Xp*sp1home*****
    2.3OSMicrosoftWindows Xp*sp1media_center*****
    2.3OSMicrosoftWindows Xp*sp2home*****
    2.3OSMicrosoftWindows Xp*sp2media_center*****
    2.3OSMicrosoftWindows Xp*sp2tablet_pc*****

Vulnerable Software List

VendorProductVersions
Microsoft Windows Xp *
Microsoft Windows 2000 *
Microsoft Windows 2003 Server enterprise, enterprise_64-bit, r2, standard, web
Microsoft Windows Nt 4.0

References

NameSourceURLTags
20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerabilityhttp://marc.info/?l=bugtraq&m=110792638401852&w=2BUGTRAQ
20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerabilityhttp://marc.info/?l=bugtraq&m=111040962600205&w=2BUGTRAQ
20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerabilityhttp://marc.info/?l=ntbugtraq&m=110795643831169&w=2NTBUGTRAQ
VU#652537http://www.kb.cert.org/vuls/id/652537CERT-VNPATCH Third Party Advisory US Government Resource
12484http://www.securityfocus.com/bid/12484BID
TA05-039Ahttp://www.us-cert.gov/cas/techalerts/TA05-039A.htmlCERTPATCH Third Party Advisory US Government Resource
MS05-011https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-011MS
win-smb-code-execution(19089)https://exchange.xforce.ibmcloud.com/vulnerabilities/19089XF
oval:org.mitre.oval:def:1606https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1606OVAL
oval:org.mitre.oval:def:1847https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1847OVAL
oval:org.mitre.oval:def:1889https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1889OVAL
oval:org.mitre.oval:def:4043https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4043OVAL