ID CVE-2004-0212
Summary Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
References
Vulnerable Configurations
  • cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
    cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
  • cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
    cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
  • cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
    cpe:2.3:o:avaya:modular_messaging_message_storage_server:s3400:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
CVSS
Base: 10.0 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2014-02-24T04:00:15.437-05:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:1344
    status accepted
    submitted 2004-07-14T04:00:00.000-04:00
    title Windows NT Task Scheduler Stack Overflow
    version 76
  • accepted 2011-05-16T04:01:49.373-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:1781
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title Windows XP (64-Bit) Task Scheduler Stack Overflow
    version 71
  • accepted 2011-05-16T04:02:11.261-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:1964
    status accepted
    submitted 2004-07-13T12:00:00.000-04:00
    title Windows XP (32-Bit) Task Scheduler Stack Overflow
    version 68
  • accepted 2004-08-25T12:00:00.000-04:00
    class vulnerability
    contributors
    name Tiffany Bergeron
    organization The MITRE Corporation
    description Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
    family windows
    id oval:org.mitre.oval:def:3428
    status accepted
    submitted 2004-07-14T12:00:00.000-04:00
    title Windows 2000 Task Scheduler Stack Overflow
    version 63
refmap via4
bugtraq
  • 20040714 Microsoft Windows Task Scheduler '.job' Stack Overflow
  • 20040714 Unchecked buffer in mstask.dll
cert TA04-196A
cert-vn VU#228028
misc http://www.ngssoftware.com/advisories/mstaskjob.txt
ms MS04-022
secunia 12060
xf win-taskscheduler-bo(16591)
saint via4
bid 10708
description Windows Task Scheduler buffer overflow
id win_patch_taskbo
osvdb 7798
title windows_task_scheduler
type client
Last major update 30-04-2019 - 14:27
Published 06-08-2004 - 04:00
Back to Top