Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-0574

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Published

2004-11-03T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	exchange_server	2000	Yes
Application	microsoft	exchange_server	2003	Yes
Operating System	microsoft	windows_2000	-	Yes
Operating System	microsoft	windows_nt	4.0	Yes
Operating System	microsoft	windows_server_2003	r2	Yes

References

http://marc.info/?l=bugtraq&m=109761632831563&w=2 Mailing List, Third Party Advisory ([email protected])
http://www.ciac.org/ciac/bulletins/p-012.shtml Broken Link ([email protected])
http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 Third Party Advisory ([email protected])
http://www.kb.cert.org/vuls/id/203126 Patch, Third Party Advisory, US Government Resource ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/17641 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/17661 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=109761632831563&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ciac.org/ciac/bulletins/p-012.shtml Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/203126 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17641 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17661 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)