Vulnerability Description
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | 64-bit |
| Microsoft | Windows Nt | 4.0 |
References
- http://secunia.com/advisories/13466
- http://securitytracker.com/id?1012517
- http://www.ciac.org/ciac/bulletins/p-054.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/378160PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/12370
- http://www.securityfocus.com/bid/11922
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18259
- http://secunia.com/advisories/13466
- http://securitytracker.com/id?1012517
- http://www.ciac.org/ciac/bulletins/p-054.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/378160PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/12370
- http://www.securityfocus.com/bid/11922
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-04
FAQ
What is CVE-2004-0567?
CVE-2004-0567 is a vulnerability with a CVSS score of 7.5 (HIGH). The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer...
How severe is CVE-2004-0567?
CVE-2004-0567 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0567?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Nt.