7.5
CVE-2004-0567
- EPSS 72.29%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Updatesp3
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server Version64-bit
Microsoft ≫ Windows 2003 Server Versionr2
Microsoft ≫ Windows Nt Version4.0 Updatesp6 Editionterminal_server
Microsoft ≫ Windows Nt Version4.0 Updatesp6a Editionserver
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 72.29% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/13466
http://securitytracker.com/id?1012517
http://www.ciac.org/ciac/bulletins/p-054.shtml
http://www.kb.cert.org/vuls/id/378160
http://www.osvdb.org/12370
http://www.securityfocus.com/bid/11922
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/18259