VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 14, 2005· Updated Apr 16, 2026

CVE-2005-1207

CVE-2005-1207

Description

Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Microsoft/Windows Server 20032 versions
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    • (no CPE)
  • Microsoft/Windows Xp2 versions
    cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

Root cause

"An unchecked buffer in the Web Client service allows a buffer overflow via specially crafted WebDAV request parameters."

Attack vector

An attacker must first authenticate to the affected system; the vulnerability cannot be exploited by anonymous users [ref_id=1]. After authentication, the attacker sends a crafted WebDAV request containing special parameters that trigger a buffer overflow in the Web Client service [ref_id=1]. The advisory notes that TCP ports 139 and 445 can be used inbound to attempt to connect to this service, and that the WebDAV protocol travels over HTTP (TCP port 80) [ref_id=1]. Successful exploitation allows remote code execution with full system control [ref_id=1].

Affected code

The vulnerability resides in the Web Client service (WebClient), which handles WebDAV requests. The advisory does not specify a particular function or file path, but identifies the service as the affected component [ref_id=1].

What the fix does

The security update modifies the way the Web Client service validates the length of a message before passing it to the allocated buffer [ref_id=1]. This closes the unchecked buffer condition that caused the overflow. No patch diff is included in the bundle; the advisory states the fix is included in Windows Server 2003 Service Pack 1 and is available as a standalone update for Windows XP Service Pack 1 and Windows Server 2003 [ref_id=1].

Preconditions

  • authAttacker must have valid logon credentials on the target system
  • configWeb Client service must be running (disabled by default on Windows Server 2003)
  • networkTCP ports 139 or 445 must be reachable from the attacker (or HTTP port 80 for WebDAV)
  • inputAttacker sends a specially crafted WebDAV request containing malicious parameters

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.