CVE-2004-0574

critical

Description

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246

https://exchange.xforce.ibmcloud.com/vulnerabilities/17661

https://exchange.xforce.ibmcloud.com/vulnerabilities/17641

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036

http://www.kb.cert.org/vuls/id/203126

http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10

http://marc.info/?l=bugtraq&m=109761632831563&w=2

Details

Source: Mitre, NVD

Published: 2004-11-03

Updated: 2020-04-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical