CVE-2004-0574

2004-11-0305:00:00

CWE-787

[email protected]

web.nvd.nist.gov

microsoft

nntp

network news transfer protocol

cve-2004-0574

windows nt server 4.0

windows 2000 server

windows server 2003

exchange 2000 server

exchange server 2003

remote code execution

buffer overflow

nvd

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.955 High

EPSS

Percentile

99.4%

JSON

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an “unchecked buffer,” leading to off-by-one and heap-based buffer overflows.

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2000
microsoft:exchange_servermicrosoft exchange servereq2003
microsoft:windows_server_2003microsoft windows server 2003eqr2
microsoft:windows_2000microsoft windows 2000eq-
microsoft:windows_ntmicrosoft windows nteq4.0

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2000
microsoft:exchange_server	microsoft exchange server	eq	2003
microsoft:windows_server_2003	microsoft windows server 2003	eq	r2
microsoft:windows_2000	microsoft windows 2000	eq	-
microsoft:windows_nt	microsoft windows nt	eq	4.0