Windows Telephony API buffer overflow

Added: 06/12/2007
CVE: CVE-2005-0058
BID: 14518
OSVDB: 18606

Background

The Windows Telephony API (TAPI) provides telecommunications support for Windows applications.

Problem

A buffer overflow in the Windows Telephony API allows local attackers to execute commands with administrative privileges.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-040.

References

http://www.microsoft.com/technet/security/bulletin/ms05-040.mspx

Limitations

The Telephony service must be running on the target in order for this exploit to succeed.

Platforms

Windows 2000

Back to exploit index