2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.015 Low
EPSS
Percentile
86.6%
A vulnerability exists in Microsoft’s COM object component. Explotiation of this vulnerability may lead to information disclosure and the ability for an attacker to open services on network communication ports.
Microsoft’s (COM) object component creates object identifiers in a way that may disclose information about a system. This information may then be used to permit applications to open and communicate over ports that were not previously open. This vulnerability affects the following systems:
* Windows NT Workstation 4.0
* Windows NT Server 4.0
* Windows NT Server 4.0, Terminal Server Edition
* Windows 2000
* Windows XP
* Windows Server 2003
An attacker may be able to have application enable network communication through alternate or unexpected communication ports. This could potentially allow services to communicate on ports that are not filtered or protected by the systems security policy.
Apply a patch from the vendor
Microsoft Security Bulletin MS04-012 contains patch information to resolve this issue.
212892
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 13, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Security Bulletin MS04-012 contains information regarding this issue.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23212892 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx>
The Microsoft Security Bulletin credits Todd Sabin of BindView for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2004-0124 |
---|---|
Severity Metric: | 11.39 Date Public: |