CVE-2004-0202

Current Description

IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Basic Data

PublishedAugust 06, 2004
Last ModifiedApril 30, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftDirectx7.0*******
    2.3ApplicationMicrosoftDirectx7.0a*******
    2.3ApplicationMicrosoftDirectx7.1*******
    2.3ApplicationMicrosoftDirectx8.0*******
    2.3ApplicationMicrosoftDirectx8.0a*******
    2.3ApplicationMicrosoftDirectx8.1*******
    2.3ApplicationMicrosoftDirectx8.1a*******
    2.3ApplicationMicrosoftDirectx8.1b*******
    2.3ApplicationMicrosoftDirectx8.2*******
    2.3ApplicationMicrosoftDirectx9.0a*******
    2.3ApplicationMicrosoftDirectx9.0b*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMicrosoftWindows 2000*sp2******
    2.3OSMicrosoftWindows 2000*sp3******
    2.3OSMicrosoftWindows 2000*sp4******
    2.3OSMicrosoftWindows 2003 Serverenterprise*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverenterprise_64-bit*******
    2.3OSMicrosoftWindows 2003 Serverr2*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverr2*datacenter_64-bit*****
    2.3OSMicrosoftWindows 2003 Serverstandard*64-bit*****
    2.3OSMicrosoftWindows 2003 Serverweb*******
    2.3OSMicrosoftWindows 98*gold******
    2.3OSMicrosoftWindows 98se********
    2.3OSMicrosoftWindows Me********
    2.3OSMicrosoftWindows Xp**64-bit*****
    2.3OSMicrosoftWindows Xp**home*****
    2.3OSMicrosoftWindows Xp*goldprofessional*****
    2.3OSMicrosoftWindows Xp*sp164-bit*****
    2.3OSMicrosoftWindows Xp*sp1home*****

Vulnerable Software List

VendorProductVersions
Microsoft Windows Xp *
Microsoft Windows 98 *
Microsoft Windows 2000 *
Microsoft Windows 2003 Server enterprise, enterprise_64-bit, r2, standard, web
Microsoft Windows 98se *
Microsoft Directx 7.0, 7.0a, 7.1, 8.0, 8.0a, 8.1, 8.1a, 8.1b, 8.2, 9.0a, 9.0b
Microsoft Windows Me *

References

NameSourceURLTags
11802http://secunia.com/advisories/11802SECUNIA
6742http://www.osvdb.org/6742OSVDB
10487http://www.securityfocus.com/bid/10487BIDPATCH Vendor Advisory
MS04-016https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-016MS
ms-directx-directplay-dos(16306)https://exchange.xforce.ibmcloud.com/vulnerabilities/16306XF
oval:org.mitre.oval:def:1027https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1027OVAL
oval:org.mitre.oval:def:2190https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2190OVAL
oval:org.mitre.oval:def:2413https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2413OVAL
oval:org.mitre.oval:def:2516https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2516OVAL
oval:org.mitre.oval:def:2705https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2705OVAL