CVE-2003-0825

EPSS 35.04%
Veröffentlicht 03.03.2004 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 2000 Updatesp1

Microsoft ≫ Windows 2000 Updatesp2

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Updater2 Editionx64

Microsoft ≫ Windows 2003 Server Versionenterprise Edition64-bit

Microsoft ≫ Windows 2003 Server Versionenterprise_64-bit

Microsoft ≫ Windows 2003 Server Versionr2 Editiondatacenter_64-bit

Microsoft ≫ Windows 2003 Server Versionstandard Edition64-bit

Microsoft ≫ Windows 2003 Server Versionweb

Microsoft ≫ Windows Nt Version4.0 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Editionserver

Microsoft ≫ Windows Nt Version4.0 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp1 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp1 Editionserver

Microsoft ≫ Windows Nt Version4.0 Updatesp1 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp2 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp2 Editionserver

Microsoft ≫ Windows Nt Version4.0 Updatesp2 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp3 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp3 Editionserver

Microsoft ≫ Windows Nt Version4.0 Updatesp3 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp4 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp4 Editionserver

Microsoft ≫ Windows Nt Version4.0 Updatesp4 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp5 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp5 Editionserver

Microsoft ≫ Windows Nt Version4.0 Updatesp5 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp6 Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp6 Editionserver

Microsoft ≫ Windows Nt Version4.0 Updatesp6 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp6a Editionenterprise_server

Microsoft ≫ Windows Nt Version4.0 Updatesp6a Editionserver

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	35.04%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.ciac.org/ciac/bulletins/o-077.shtml

http://www.kb.cert.org/vuls/id/445214

US Government Resource

http://www.osvdb.org/3903

http://www.securityfocus.com/bid/9624

Patch

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006

https://exchange.xforce.ibmcloud.com/vulnerabilities/15037

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802

https://nvd.nist.gov/vuln/detail/CVE-2003-0825

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0825

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0825

EUVD