ID CVE-2004-0119
Summary The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 13-11-2020 - 16:32)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-05-23T15:05:32.274-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    description The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
    family windows
    id oval:org.mitre.oval:def:1808
    status accepted
    submitted 2004-06-14T12:00:00.000-04:00
    title Service Vulnerability
    version 66
  • accepted 2007-05-23T15:05:35.128-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Glenn Strickland
      organization Secure Elements, Inc.
    description The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
    family windows
    id oval:org.mitre.oval:def:1962
    status accepted
    submitted 2004-06-15T12:00:00.000-04:00
    title Windows Server 2003 Negotiate Security Software Provider Denial of Service Vulnerability
    version 67
  • accepted 2011-05-16T04:02:15.814-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Glenn Strickland
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
    family windows
    id oval:org.mitre.oval:def:1997
    status accepted
    submitted 2004-06-15T12:00:00.000-04:00
    title Windows XP Negotiate Security Software Provider Denial of Service Vulnerability
    version 73
refmap via4
bid 10113
cert TA04-104A
cert-vn VU#638548
ciac O-114
vulnwatch 20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding
xf win-spp-bo(15715)
Last major update 13-11-2020 - 16:32
Published 01-06-2004 - 04:00
Last modified 13-11-2020 - 16:32
Back to Top