Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0212

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0212
Last Modified 10 Sep 2008 03:25:31
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0212

Summary

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

Vulnerable Systems

Operating System

  • Avaya Modular Messaging Message Storage Server S3400

  • Microsoft Windows 2000

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp

Application

  • Avaya Ip600 Media Servers

  • Microsoft Ie 6.0


References

CERT - TA04-196A

CERT-VN - VU#228028

XF - win-taskscheduler-bo(16591)

MISC - http://www.ngssoftware.com/advisories/mstaskjob.txt

MS - MS04-022

BUGTRAQ - 20040714 Unchecked buffer in mstask.dll

SECUNIA - 12060

BUGTRAQ - 20040714 Microsoft Windows Task Scheduler '.job' Stack Overflow


Last Updated: 27 May 2016 10:38:31