1. CVE-Search
  2. CVE-2005-1985
ID CVE-2005-1985
Summary The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-05-16T04:00:19.694-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
    family windows
    id oval:org.mitre.oval:def:1106
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title CSNW Remote Buffer Overflow via Network Messages (WinXP,SP1)
    version 68
  • accepted 2011-05-16T04:00:33.573-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
    family windows
    id oval:org.mitre.oval:def:1210
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title CSNW Remote Buffer Overflow via Network Messages (WinXP,SP2)
    version 69
  • accepted 2011-05-16T04:01:15.712-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
    family windows
    id oval:org.mitre.oval:def:1536
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title CSNW Remote Buffer Overflow via Network Messages (Win2k,SP4)
    version 68
  • accepted 2011-05-16T04:01:17.285-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
    family windows
    id oval:org.mitre.oval:def:1544
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title CSNW Remote Buffer Overflow via Network Messages (Server 2003)
    version 68
  • accepted 2011-05-16T04:03:35.840-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
    family windows
    id oval:org.mitre.oval:def:910
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title CSNW Remote Buffer Overflow via Network Messages (Server 2003,SP1)
    version 68
refmap via4
bid 15066
osvdb 19922
sectrack 1015041
secunia 17165
xf win-csnw-bo(21700)
Last major update 12-10-2018 - 21:36
Published 13-10-2005 - 10:02
Last modified 12-10-2018 - 21:36
Back to Top