CVE-2004-0840

EPSS 42.55%
Veröffentlicht 03.11.2004 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2003 Update-

Microsoft ≫ Windows Server 2003 Version- HwPlatformx64

Microsoft ≫ Windows Server 2003 Versionr2

Microsoft ≫ Windows Xp HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	42.55%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.kb.cert.org/vuls/id/394792

Patch

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/11374

Third Party Advisory

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17621

Third Party Advisory