Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0574

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0574
Last Modified 10 Sep 2008 03:26:51
Published 03 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0574

Summary

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Nt 4.0

Application

  • Microsoft Exchange Server 2000

  • Microsoft Exchange Server 2003


References

CERT-VN - VU#203126

XF - win-nntp-bo(17641)

MS - MS04-036

XF - win-ms04036-patch(17661)

MISC - http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10

CIAC - P-012

BUGTRAQ - 20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities


Last Updated: 27 May 2016 10:38:39