Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.100608 |
Category: | Buffer overflow |
Title: | Windows NT NNTP Component Buffer Overflow |
Summary: | The Network News Transfer Protocol (NNTP) component of Microsoft; Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003,; Exchange 2000 Server, and Exchange Server 2003 allows remote attackers; to execute arbitrary code via XPAT patterns, possibly related to; improper length validation and an unchecked buffer, leading to; off-by-one and heap-based buffer overflows. |
Description: | Summary: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an unchecked buffer, leading to off-by-one and heap-based buffer overflows. Solution: Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0574 Bugtraq: 20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=109761632831563&w=2 CERT/CC vulnerability note: VU#203126 http://www.kb.cert.org/vuls/id/203126 Computer Incident Advisory Center Bulletin: P-012 http://www.ciac.org/ciac/bulletins/p-012.shtml http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 Microsoft Security Bulletin: MS04-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926 XForce ISS Database: win-ms04036-patch(17661) https://exchange.xforce.ibmcloud.com/vulnerabilities/17661 XForce ISS Database: win-nntp-bo(17641) https://exchange.xforce.ibmcloud.com/vulnerabilities/17641 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |