CVE-2004-0119

Description

The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.

Related CPE's

Could not find any relations

References

TA04-104A

Third Party AdvisoryUS Government Resource

VU#638548

PatchThird Party AdvisoryUS Government Resource

20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding

Broken Link

O-114

Broken Link

10113

Third Party AdvisoryVDB Entry

win-spp-bo(15715)

Third Party AdvisoryVDB Entry

oval:org.mitre.oval:def:1997

Third Party Advisory

oval:org.mitre.oval:def:1962

Third Party Advisory

oval:org.mitre.oval:def:1808

Third Party Advisory

MS04-011

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:P/I:P/A:P
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	PARTIAL
IntegrityImpact	PARTIAL
AvailabilityImpact	PARTIAL
BaseScore	7.5

Created by Yello

About Severity.io