Vulnerability Note VU#883460
Microsoft Collaboration Data Objects buffer overflow
A buffer overflow in Microsoft Collaboration Data Objects may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Collaboration Data Objects (CDO) is a scripting library used to develop applications that handle email. Note that CDO is commonly associated with cdosys.dll and codex.dll. An input validation error in CDO may allow a buffer overflow to occur in applications or components that use CDO. If a remote, unauthenticated attacker supplies an application or component that uses CDO with a specially crafted message, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code.
For more information, including a list of affected software, please see MS05-048. Please note that exploit code for this vulnerability is publicly available.
If a remote attacker supplies an application that uses CDO with a specially crafted message, that attacker may be able execute arbitrary code on a vulnerable system.
Apply an update
Microsoft has addressed this issue in Microsoft Security Bulletin MS05-048.
Disable event sinks on Exchange 2000 Server and on servers that are running IIS
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||11 Oct 2005|
CVSS Metrics (Learn More)
This document was written by Jeff Gennari.
- CVE IDs: CAN-2005-1987
- Date Public: 11 Oct 2005
- Date First Published: 11 Oct 2005
- Date Last Updated: 14 Oct 2005
- Severity Metric: 10.13
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.