CVE-2004-0567

Severity

75%

Complexity

99%

Confidentiality

106%

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 20 years ago

2004-12-31 05:00:00

Last updated 5 years ago

2019-04-30 14:27:00

Affected Software

Microsoft windows 2000_sp3

Microsoft Windows 2000 Service Pack 4

Microsoft Windows NT Terminal Server 4.0 SP6

4.0

Microsoft Windows 4.0 sp6a server

4.0

References

13466

1012517

P-054

Patch, Vendor Advisory

VU#378160

Patch, Third Party Advisory, US Government Resource

12370

11922

MS04-045

wins-memory-pointer-hijack(18259)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.