ID CVE-2004-0212
Summary Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
Vulnerable Configurations
  • Avaya IP600 Media Servers
    cpe:2.3:a:avaya:ip600_media_servers
  • cpe:2.3:a:microsoft:ie:6.0:sp1
    cpe:2.3:a:microsoft:ie:6.0:sp1
  • Avaya DefinityOne Media Server
    cpe:2.3:h:avaya:definity_one_media_server
  • Avaya S8100
    cpe:2.3:h:avaya:s8100
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400
    cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
    cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
    cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
    cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Advanced Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_server
  • Microsoft Windows 2000 Professional SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:professional
  • Microsoft Windows 2000 Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:server
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server
  • Microsoft Windows 4.0 sp6a server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server
  • Microsoft Windows 4.0 sp6a workstation
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:home
    cpe:2.3:o:microsoft:windows_xp:-:home
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit
  • Microsoft Windows XP Service Pack 1 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp1:home
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
exploit-db via4
  • description MS Windows 2K/XP Task Scheduler .job Exploit (MS04-022). CVE-2004-0212. Local exploit for windows platform
    id EDB-ID:353
    last seen 2016-01-31
    modified 2004-07-18
    published 2004-07-18
    reporter N/A
    source https://www.exploit-db.com/download/353/
    title Microsoft Windows 2000/XP - Task Scheduler .job Exploit MS04-022
  • description MS Windows XP Task Scheduler (.job) Universal Exploit (MS04-022). CVE-2004-0212. Local exploit for windows platform
    id EDB-ID:368
    last seen 2016-01-31
    modified 2004-07-31
    published 2004-07-31
    reporter houseofdabus
    source https://www.exploit-db.com/download/368/
    title Microsoft Windows XP Task Scheduler .job Universal Exploit MS04-022
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS04-022.NASL
    description The remote host is running a version of Windows which contains a flaw in the task scheduler that could lead to arbitrary execution of commands on the remote host. To exploit this vulnerability, an attacker would need to lure a user on the remote host to take certain steps to execute a .job file, or to visit a rogue website. Arbitrary commands could then be used on the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 13640
    published 2004-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13640
    title MS04-022: Task Scheduler Vulnerability (841873)
  • NASL family Windows
    NASL id TASK_SCHEDULER_TEST.NASL
    description There is a flaw in the Task Scheduler application which could allow a remote attacker to execute code remotely. There are many attack vectors for this flaw. An attacker, exploiting this flaw, would need to either have the ability to connect to the target machine or be able to coerce a local user to either install a .job file or browse to a malicious website.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 13852
    published 2004-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13852
    title MS04-022: Microsoft Windows Task Scheduler Remote Overflow (841873) (uncredentialed check)
oval via4
  • accepted 2014-02-24T04:00:15.437-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:1344
    status accepted
    submitted 2004-07-14T04:00:00.000-04:00
    title Windows NT Task Scheduler Stack Overflow
    version 76
  • accepted 2011-05-16T04:01:49.373-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:1781
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title Windows XP (64-Bit) Task Scheduler Stack Overflow
    version 71
  • accepted 2011-05-16T04:02:11.261-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:1964
    status accepted
    submitted 2004-07-13T12:00:00.000-04:00
    title Windows XP (32-Bit) Task Scheduler Stack Overflow
    version 68
  • accepted 2004-08-25T12:00:00.000-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:3428
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title Windows 2000 Task Scheduler Stack Overflow
    version 63
refmap via4
bugtraq
  • 20040714 Microsoft Windows Task Scheduler '.job' Stack Overflow
  • 20040714 Unchecked buffer in mstask.dll
cert TA04-196A
cert-vn VU#228028
misc http://www.ngssoftware.com/advisories/mstaskjob.txt
ms MS04-022
secunia 12060
xf win-taskscheduler-bo(16591)
saint via4
bid 10708
description Windows Task Scheduler buffer overflow
id win_patch_taskbo
osvdb 7798
title windows_task_scheduler
type client
Last major update 17-10-2016 - 22:41
Published 06-08-2004 - 00:00
Last modified 12-10-2018 - 17:34