CVE-2005-0044 - Slithery Spoke

Description

The OLE component in Windows 98 2000 XP and Server 2003 and Exchange Server 5.0 through 2003 does not properly validate the lengths of messages for certain OLE data which allows remote attackers to execute arbitrary code aka the \Input Validation Vulnerability.\

Reference

http://www.kb.cert.org/vuls/id/927889 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4499 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3568 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2917 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1180 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-012