Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0119


Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0119
Last Modified 10 Sep 2008 03:25:09
Published 01 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp


  • Microsoft Internet Information Server


CERT-VN - VU#638548

CERT - TA04-104A

MS - MS04-011

VULNWATCH - 20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding

XF - win-spp-bo(15715)

BID - 10113

CIAC - O-114

Last Updated: 27 May 2016 10:38:28