7.5

CVE-2004-0362

Exploit

EPSS 83.4%
Published 15.04.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Iss ≫ Blackice Agent Server Version3.6ebz

Iss ≫ Blackice Agent Server Version3.6eca

Iss ≫ Blackice Agent Server Version3.6ecb

Iss ≫ Blackice Agent Server Version3.6ecc

Iss ≫ Blackice Agent Server Version3.6ecd

Iss ≫ Blackice Agent Server Version3.6ece

Iss ≫ Blackice Agent Server Version3.6ecf

Iss ≫ Blackice Pc Protection Version3.6cbz

Iss ≫ Blackice Pc Protection Version3.6cca

Iss ≫ Blackice Pc Protection Version3.6ccb

Iss ≫ Blackice Pc Protection Version3.6ccc

Iss ≫ Blackice Pc Protection Version3.6ccd

Iss ≫ Blackice Pc Protection Version3.6cce

Iss ≫ Blackice Pc Protection Version3.6ccf

Iss ≫ Blackice Server Protection Version3.6cbz

Iss ≫ Blackice Server Protection Version3.6cca

Iss ≫ Blackice Server Protection Version3.6ccb

Iss ≫ Blackice Server Protection Version3.6ccc

Iss ≫ Blackice Server Protection Version3.6ccd

Iss ≫ Blackice Server Protection Version3.6cce

Iss ≫ Blackice Server Protection Version3.6ccf

Iss ≫ Realsecure Desktop Version3.6ebz

Iss ≫ Realsecure Desktop Version3.6eca

Iss ≫ Realsecure Desktop Version3.6ecb

Iss ≫ Realsecure Desktop Version3.6ecd

Iss ≫ Realsecure Desktop Version3.6ece

Iss ≫ Realsecure Desktop Version3.6ecf

Iss ≫ Realsecure Desktop Version7.0eba

Iss ≫ Realsecure Desktop Version7.0ebf

Iss ≫ Realsecure Desktop Version7.0ebg

Iss ≫ Realsecure Desktop Version7.0ebh

Iss ≫ Realsecure Desktop Version7.0ebj

Iss ≫ Realsecure Desktop Version7.0ebk

Iss ≫ Realsecure Desktop Version7.0ebl

Iss ≫ Realsecure Guard Version3.6ebz

Iss ≫ Realsecure Guard Version3.6eca

Iss ≫ Realsecure Guard Version3.6ecb

Iss ≫ Realsecure Guard Version3.6ecc

Iss ≫ Realsecure Guard Version3.6ecd

Iss ≫ Realsecure Guard Version3.6ece

Iss ≫ Realsecure Guard Version3.6ecf

Iss ≫ Realsecure Network Sensor Version7.0

Iss ≫ Realsecure Network Sensor Version7.0 Updatexpu_20.11

Iss ≫ Realsecure Network Sensor Version7.0 Updatexpu_22.10

Iss ≫ Realsecure Network Sensor Version7.0 Updatexpu_22.4

Iss ≫ Realsecure Network Sensor Version7.0 Updatexpu_22.9

Iss ≫ Realsecure Sentry Version3.6ebz

Iss ≫ Realsecure Sentry Version3.6eca

Iss ≫ Realsecure Sentry Version3.6ecb

Iss ≫ Realsecure Sentry Version3.6ecc

Iss ≫ Realsecure Sentry Version3.6ecd

Iss ≫ Realsecure Sentry Version3.6ece

Iss ≫ Realsecure Sentry Version3.6ecf

Iss ≫ Realsecure Server Sensor Version6.0 Editionwindows

Iss ≫ Realsecure Server Sensor Version6.0.1 Editionwindows

Iss ≫ Realsecure Server Sensor Version6.0.1_win_sr1.1

Iss ≫ Realsecure Server Sensor Version6.5 Editionwindows

Iss ≫ Realsecure Server Sensor Version6.5 Updatesr3.2 Editionwindows

Iss ≫ Realsecure Server Sensor Version6.5 Updatesr3.3 Editionwindows

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.1

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.4

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.5

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.6

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.7

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.8

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.9

Iss ≫ Realsecure Server Sensor Version6.5_win_sr3.10

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.1

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.10

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.11

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.2

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.3

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.4

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.5

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.6

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.7

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.8

Iss ≫ Realsecure Server Sensor Version7.0 Updatexpu22.9

Iss ≫ Proventia A Series Xpu Version20.11

Iss ≫ Proventia A Series Xpu Version22.1

Iss ≫ Proventia A Series Xpu Version22.2

Iss ≫ Proventia A Series Xpu Version22.3

Iss ≫ Proventia A Series Xpu Version22.4

Iss ≫ Proventia A Series Xpu Version22.5

Iss ≫ Proventia A Series Xpu Version22.6

Iss ≫ Proventia A Series Xpu Version22.7

Iss ≫ Proventia A Series Xpu Version22.8

Iss ≫ Proventia A Series Xpu Version22.9

Iss ≫ Proventia A Series Xpu Version22.10

Iss ≫ Proventia G Series Xpu Version22.1

Iss ≫ Proventia G Series Xpu Version22.2

Iss ≫ Proventia G Series Xpu Version22.3

Iss ≫ Proventia G Series Xpu Version22.4

Iss ≫ Proventia G Series Xpu Version22.5

Iss ≫ Proventia G Series Xpu Version22.6

Iss ≫ Proventia G Series Xpu Version22.7

Iss ≫ Proventia G Series Xpu Version22.8

Iss ≫ Proventia G Series Xpu Version22.9

Iss ≫ Proventia G Series Xpu Version22.10

Iss ≫ Proventia G Series Xpu Version22.11

Iss ≫ Proventia M Series Xpu Version1.1

Iss ≫ Proventia M Series Xpu Version1.2

Iss ≫ Proventia M Series Xpu Version1.3

Iss ≫ Proventia M Series Xpu Version1.4

Iss ≫ Proventia M Series Xpu Version1.5

Iss ≫ Proventia M Series Xpu Version1.6

Iss ≫ Proventia M Series Xpu Version1.7

Iss ≫ Proventia M Series Xpu Version1.8

Iss ≫ Proventia M Series Xpu Version1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	83.4%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://marc.info/?l=bugtraq&m=107965651712378&w=2

http://secunia.com/advisories/11073

http://www.ciac.org/ciac/bulletins/o-104.shtml

http://www.eeye.com/html/Research/Advisories/AD20040318.html

http://www.kb.cert.org/vuls/id/947254

Patch

Third Party Advisory

US Government Resource

http://www.osvdb.org/4355

http://www.securityfocus.com/bid/9913

Patch

Vendor Advisory

Exploit

http://xforce.iss.net/xforce/alerts/id/166

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15442

https://exchange.xforce.ibmcloud.com/vulnerabilities/15543

https://nvd.nist.gov/vuln/detail/CVE-2004-0362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0362

EUVD