7.5

CVE-2004-0567

EPSS 66.16%
Published 31.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Version64-bit

Microsoft ≫ Windows 2003 Server Versionr2

Microsoft ≫ Windows Nt Version4.0 Updatesp6 Editionterminal_server

Microsoft ≫ Windows Nt Version4.0 Updatesp6a Editionserver

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	66.16%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/13466

http://securitytracker.com/id?1012517

http://www.ciac.org/ciac/bulletins/p-054.shtml

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/378160

Patch

Third Party Advisory

US Government Resource

http://www.osvdb.org/12370

http://www.securityfocus.com/bid/11922

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045

https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

https://nvd.nist.gov/vuln/detail/CVE-2004-0567

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0567

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0567

EUVD