CVE-2004-0840

EPSS 42.55%
Published 03.11.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2003 Update-

Microsoft ≫ Windows Server 2003 Version- HwPlatformx64

Microsoft ≫ Windows Server 2003 Versionr2

Microsoft ≫ Windows Xp HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	42.55%	0.974

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.kb.cert.org/vuls/id/394792

Patch

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/11374

Third Party Advisory

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17621

Third Party Advisory