CVE-2005-0045

Published: 02/05/2005 Updated: 30/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote malicious users to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.

Vulnerable Product

microsoft windows 2000

microsoft windows 2003 server standard

microsoft windows 2003 server web

microsoft windows nt 4.0

microsoft windows xp

microsoft windows 2003 server enterprise

microsoft windows 2003 server enterprise_64-bit

microsoft windows 2003 server r2

Exploits

/*
 * Windows SMB Client Transaction Response Handling
 *
 * MS05-011
 * CAN-2005-0045
 *
 * This works against >> Win2k <<
 *
 * cybertronic[at]gmx[dot]net
 * www.livejournal.com/users/cybertronic/
 *
 * usage:
 * gcc -o mssmb_poc mssmb_poc.c
 * ./mssmb_poc
 *
 * connect via \\ip
 * and hit the netbios folder!
 *
 * ***STOP: 0x0 ...