CVE-2005-0063

Microsoft Windows 2000, XP, and Server 2003 - Remote Code Execution via CLSID Modification

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0063. PoCs published by ZwelL.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for CVE-2005-0063, which targets a vulnerability in Microsoft's HTML Help ActiveX control. The exploit crafts a malicious .hta file embedded in a structured storage (OLE) format to achieve arbitrary code execution when the victim opens the file.

Description

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZwelL · c++localwindows

https://www.exploit-db.com/exploits/938

View Code ZIP pw:eip

This is a functional proof-of-concept exploit for CVE-2005-0063, which targets a vulnerability in Microsoft's HTML Help ActiveX control. The exploit crafts a malicious .hta file embedded in a structured storage (OLE) format to achieve arbitrary code execution when the victim opens the file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft HTML Help ActiveX Control (pre-MS05-016 patch)

No auth needed

Prerequisites: Victim must open the malicious .hta file · Target system must be unpatched (pre-MS05-016)

MITRE ATT&CK

T1218 - System Binary Proxy Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (12)

Core 12

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3456

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-016

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A407

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111755356016155&w=2

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A587

Various Sources x_refsource_misc

http://www.securiteam.com/exploits/5YP0T0AFFW.html

Patch third-party-advisory x_refsource_idefense

http://www.idefense.com/application/poi/display?id=231&type=vulnerabilities

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/0335

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A573

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2184

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4710

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/13132

Scores

EPSS 0.6979

EPSS Percentile 98.7%

Details

Status published

Products (9)

microsoft/windows_2000 (5 CPE variants)

microsoft/windows_2003_server enterprise

microsoft/windows_2003_server r2

microsoft/windows_2003_server standard

microsoft/windows_2003_server web

microsoft/windows_98

microsoft/windows_98se

microsoft/windows_me

microsoft/windows_xp (9 CPE variants)

Published May 02, 2005

Tracked Since Feb 18, 2026