CVE-2004-0567

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

windows

wins

nt server

remote code execution

dos

buffer overflow

cve-2004-0567

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.902 High

EPSS

Percentile

98.8%

JSON

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an “unchecked buffer” and possibly triggers a buffer overflow, aka the “Name Validation Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2000sp3

microsoftwindows_2000sp4

microsoftwindows_2003_serverMatch64-bit

microsoftwindows_2003_serverMatchr2

microsoftwindows_ntMatch4.0sp6terminal_server

microsoftwindows_ntMatch4.0sp6aserver

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq64-bit
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2
microsoft:windows_ntmicrosoft windows nteq4.0

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	64-bit
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2
microsoft:windows_nt	microsoft windows nt	eq	4.0