VYPR
← All advisories
Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026

CVE-2005-0545

CVE-2005-0545

Description

Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local users can bypass Windows group policies restricting hidden drives using Office 10 applications or flash drives, though the policy is not a security feature and the issue is disputed.

Vulnerability

On Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory, group policies that hide specified drives in My Computer and prevent access to drives from My Computer can be bypassed. The policy is intended to restrict access but is not a security feature; it is a convenience setting [1]. Affected versions are Windows XP Pro SP2 and Windows 2000 Server SP4.

Exploitation

An attacker with local user access can use Microsoft Office 10 applications (e.g., Word, Excel) to browse and read the contents of restricted drives. Alternatively, using a flash drive can also bypass the policy. No special privileges beyond local user access are required.

Impact

Successful exploitation allows a local user to read files on drives that the group policy intended to hide or restrict. This leads to unauthorized information disclosure. The attacker does not gain elevated privileges but circumvents administrative restrictions.

Mitigation

The issue is disputed; the referenced post argues that the policy is a convenience setting, not a security boundary [1]. Microsoft has not released a fix, as the behavior is by design. Administrators should use appropriate ACLs or third-party software to truly prevent access to data [1]. No CVE listing in KEV.

References
  1. 'Re: Office 10 applications & flashdrives can be used to browse restricted'

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Microsoft/Windows 20005 versions
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • Microsoft/Windows Xp
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • Microsoft/Windows XP Pro SP2llm-create
    Range: SP2
  • Microsoft/Windows Server 2000llm-fuzzy
    Range: SP4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.