CVE-2004-0574

Description

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Related CPE's

Could not find any relations

References

P-012

Broken Link

VU#203126

PatchThird Party AdvisoryUS Government Resource

http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10

Third Party Advisory

20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities

Mailing ListThird Party Advisory

win-ms04036-patch(17661)

Third Party AdvisoryVDB Entry

win-nntp-bo(17641)

Third Party AdvisoryVDB Entry

oval:org.mitre.oval:def:5926

Third Party Advisory

oval:org.mitre.oval:def:5070

Third Party Advisory

oval:org.mitre.oval:def:5021

Third Party Advisory

oval:org.mitre.oval:def:4392

Third Party Advisory

oval:org.mitre.oval:def:246

Third Party Advisory

MS04-036

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:C/I:C/A:C
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	COMPLETE
AvailabilityImpact	COMPLETE
BaseScore	10

Created by Yello

About Severity.io