CVE-2004-0214

Current Description

Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.

Basic Data

PublishedNovember 03, 2004
Last ModifiedOctober 12, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftIe6.0.2900*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMicrosoftWindows 2000********
    2.3OSMicrosoftWindows 98*gold******
    2.3OSMicrosoftWindows Me********
    2.3OSMicrosoftWindows Xp*sp1tablet_pc*****

Vulnerable Software List

VendorProductVersions
Microsoft Windows Xp *
Microsoft Windows 98 *
Microsoft Windows 2000 *
Microsoft Ie 6.0.2900
Microsoft Windows Me *

References

NameSourceURLTags
20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.http://seclists.org/lists/bugtraq/2004/Apr/0322.htmlBUGTRAQVendor Advisory
20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.http://seclists.org/lists/fulldisclosure/2004/Apr/0933.htmlFULLDISCVendor Advisory
11482http://secunia.com/advisories/11482/SECUNIA
1011647http://securitytracker.com/id?1011647SECTRACK
322857http://support.microsoft.com/default.aspx?scid=kb;en-us;322857MSKB
VU#616200http://www.kb.cert.org/vuls/id/616200CERT-VNUS Government Resource
5687http://www.osvdb.org/5687OSVDB
http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.htmlhttp://www.securiteam.com/windowsntfocus/5JP0M1PCKI.htmlMISC
10213http://www.securityfocus.com/bid/10213BID
MS04-037https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037MS
win-long-fileshare-bo(15956)https://exchange.xforce.ibmcloud.com/vulnerabilities/15956XF
win-ms04037-patch(17662)https://exchange.xforce.ibmcloud.com/vulnerabilities/17662XF
oval:org.mitre.oval:def:1601https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1601OVAL
oval:org.mitre.oval:def:1749https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1749OVAL
oval:org.mitre.oval:def:2638https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2638OVAL
oval:org.mitre.oval:def:4345https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4345OVAL
oval:org.mitre.oval:def:5307https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5307OVAL