CVE-2005-0063

Microsoft Windows <2000-2003 - RCE

Title source: llm

Description

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ZwelL · c++localwindows
https://www.exploit-db.com/exploits/938

References (12)

Scores

EPSS 0.6979
EPSS Percentile 98.7%

Details

Status published
Products (9)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server enterprise
microsoft/windows_2003_server r2
microsoft/windows_2003_server standard
microsoft/windows_2003_server web
microsoft/windows_98
microsoft/windows_98se
microsoft/windows_me
microsoft/windows_xp (9 CPE variants)
Published May 02, 2005
Tracked Since Feb 18, 2026