CVE-2005-1678 : Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.

Published 2005-05-20 04:00:00

Updated 2008-09-05 20:49:47

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-1678

Groove » Groove Workspace
Versions up to, including, (<=) 2.5n_build_1871
cpe:2.3:a:groove:groove_workspace:*:*:*:*:*:*:*:*
Matching versions
Groove » Virtual Office
Versions up to, including, (<=) 3.1_build_2338
cpe:2.3:a:groove:virtual_office:*:*:*:*:*:*:*:*
Matching versions
Groove » Virtual Office
Versions up to, including, (<=) 3.1a_build_2364
cpe:2.3:a:groove:virtual_office:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-1678

EPSS FAQ

1.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-1678

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-1678

http://www.kb.cert.org/vuls/id/JGEI-6BCRD6

Third Party Advisory;US Government Resource
http://www.kb.cert.org/vuls/id/232232

Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2005-1678

Products affected by CVE-2005-1678

Exploit prediction scoring system (EPSS) score for CVE-2005-1678

CVSS scores for CVE-2005-1678

References for CVE-2005-1678