CVE-2004-0574 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0574
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0574

Description: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/17641 http://xforce.iss.net/xforce/xfdb/17661 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5070 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4392 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:246 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5926 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5021 MS http://www.microsoft.com/technet/security/bulletin/ms04-036.asp MISC http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 CIAC http://www.ciac.org/ciac/bulletins/p-012.shtml CERT-VN 203126 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=109761632831563&w=2

Return to the previous page.