Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0840

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0840
Last Modified 10 Sep 2008 03:28:01
Published 03 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0840

Summary

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp

Application

  • Microsoft Exchange Server 2003


References

CERT-VN - VU#394792

XF - win-ms04035-patch(17660)

XF - win2k3-smtp-execute-code(17621)

MS - MS04-035

BID - 11374


Last Updated: 27 May 2016 10:38:46