CVE-2004-0574

Current Description

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Basic Data

PublishedNovember 03, 2004
Last ModifiedApril 09, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-787
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftExchange Server2000-******
    2.3ApplicationMicrosoftExchange Server2003-******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMicrosoftWindows 2000--******
    2.3OSMicrosoftWindows Nt4.0***server***
    2.3OSMicrosoftWindows Server 2003r2*******

Vulnerable Software List

VendorProductVersions
Microsoft Exchange Server 2000, 2003
Microsoft Windows 2000 -
Microsoft Windows Server 2003 r2
Microsoft Windows Nt 4.0

References

NameSourceURLTags
20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilitieshttp://marc.info/?l=bugtraq&m=109761632831563&w=2BUGTRAQMailing List Third Party Advisory
P-012http://www.ciac.org/ciac/bulletins/p-012.shtmlCIACBroken Link
http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10MISCThird Party Advisory
VU#203126http://www.kb.cert.org/vuls/id/203126CERT-VNPATCH Third Party Advisory US Government Resource
MS04-036https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036MSPATCH Vendor Advisory
win-nntp-bo(17641)https://exchange.xforce.ibmcloud.com/vulnerabilities/17641XFThird Party Advisory VDB Entry
win-ms04036-patch(17661)https://exchange.xforce.ibmcloud.com/vulnerabilities/17661XFThird Party Advisory VDB Entry
oval:org.mitre.oval:def:246https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246OVALThird Party Advisory
oval:org.mitre.oval:def:4392https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392OVALThird Party Advisory
oval:org.mitre.oval:def:5021https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021OVALThird Party Advisory
oval:org.mitre.oval:def:5070https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070OVALThird Party Advisory
oval:org.mitre.oval:def:5926https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926OVALThird Party Advisory