CVE-2003-0825

critical

Description

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704

https://exchange.xforce.ibmcloud.com/vulnerabilities/15037

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006

http://www.securityfocus.com/bid/9624

http://www.osvdb.org/3903

http://www.kb.cert.org/vuls/id/445214

http://www.ciac.org/ciac/bulletins/o-077.shtml

Details

Source: Mitre, NVD

Published: 2004-03-03

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical