CVE-2005-0044

high

Microsoft

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

50.9%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: May 2, 2005 (7682 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

CWE

NVD-CWE-Other

Affected Products

microsoft exchange servermicrosoft windows 2000microsoft windows 2003 servermicrosoft windows 98microsoft windows 98semicrosoft windows memicrosoft windows xp

References

🔗 www.kb.cert.org 🔗 www.us-cert.gov 🔗 docs.microsoft.com 🔗 exchange.xforce.ibmcloud.com 🔗 oval.cisecurity.org

CVE-2005-0044

Vulnerability Report

Description

CWE

Affected Products

References