Vulnerability Description
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2000 |
| Microsoft | Windows 2000 | - |
| Microsoft | Windows Nt | 4.0 |
| Microsoft | Windows Server 2003 | r2 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=109761632831563&w=2Mailing ListThird Party Advisory
- http://www.ciac.org/ciac/bulletins/p-012.shtmlBroken Link
- http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10Third Party Advisory
- http://www.kb.cert.org/vuls/id/203126PatchThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-03PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17641Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17661Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- http://marc.info/?l=bugtraq&m=109761632831563&w=2Mailing ListThird Party Advisory
- http://www.ciac.org/ciac/bulletins/p-012.shtmlBroken Link
- http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10Third Party Advisory
FAQ
What is CVE-2004-0574?
CVE-2004-0574 is a vulnerability with a CVSS score of 10.0 (HIGH). The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers...
How severe is CVE-2004-0574?
CVE-2004-0574 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0574?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server, Microsoft Windows 2000, Microsoft Windows Nt, Microsoft Windows Server 2003.