Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.100608
Category:Buffer overflow
Title:Windows NT NNTP Component Buffer Overflow
Summary:The Network News Transfer Protocol (NNTP) component of Microsoft; Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003,; Exchange 2000 Server, and Exchange Server 2003 allows remote attackers; to execute arbitrary code via XPAT patterns, possibly related to; improper length validation and an unchecked buffer, leading to; off-by-one and heap-based buffer overflows.
Description:Summary:
The Network News Transfer Protocol (NNTP) component of Microsoft
Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003,
Exchange 2000 Server, and Exchange Server 2003 allows remote attackers
to execute arbitrary code via XPAT patterns, possibly related to
improper length validation and an unchecked buffer, leading to
off-by-one and heap-based buffer overflows.

Solution:
Microsoft has released a bulletin that includes fixes to address this
issue for supported versions of the operating system.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0574
Bugtraq: 20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=109761632831563&w=2
CERT/CC vulnerability note: VU#203126
http://www.kb.cert.org/vuls/id/203126
Computer Incident Advisory Center Bulletin: P-012
http://www.ciac.org/ciac/bulletins/p-012.shtml
http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10
Microsoft Security Bulletin: MS04-036
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926
XForce ISS Database: win-ms04036-patch(17661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17661
XForce ISS Database: win-nntp-bo(17641)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17641
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.