7.5

CVE-2004-0567

EPSS 66.16%
Veröffentlicht 31.12.2004 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Version64-bit

Microsoft ≫ Windows 2003 Server Versionr2

Microsoft ≫ Windows Nt Version4.0 Updatesp6 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp6a Editionserver

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	66.16%	0.985

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/13466

http://securitytracker.com/id?1012517

http://www.ciac.org/ciac/bulletins/p-054.shtml

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/378160

Patch

Third Party Advisory

US Government Resource

http://www.osvdb.org/12370

http://www.securityfocus.com/bid/11922

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045

https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

https://nvd.nist.gov/vuln/detail/CVE-2004-0567

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0567

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0567

EUVD