Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0119

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0119
Last Modified 10 Sep 2008 03:25:09
Published 01 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0119

Summary

The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp

Application

  • Microsoft Internet Information Server


References

CERT-VN - VU#638548

CERT - TA04-104A

MS - MS04-011

VULNWATCH - 20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding

XF - win-spp-bo(15715)

BID - 10113

CIAC - O-114


Last Updated: 27 May 2016 10:38:28