ID CVE-2004-0214
Summary Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:6.0.2900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0.2900:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
    family windows
    id oval:org.mitre.oval:def:1601
    status accepted
    submitted 2004-10-14T03:37:00.000-04:00
    title Windows ME Long Share Names Vulnerability
    version 2
  • accepted 2008-03-24T04:00:16.847-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
    family windows
    id oval:org.mitre.oval:def:1749
    status accepted
    submitted 2004-10-14T03:38:00.000-04:00
    title Windows NT Long Share Names Vulnerability
    version 71
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
    family windows
    id oval:org.mitre.oval:def:2638
    status accepted
    submitted 2004-10-14T03:37:00.000-04:00
    title Windows 98 Long Share Names Vulnerability
    version 2
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    name Andrew Buttner
    organization The MITRE Corporation
    description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
    family windows
    id oval:org.mitre.oval:def:4345
    status accepted
    submitted 2004-10-14T03:38:00.000-04:00
    title Windows 2000 Long Share Names Vulnerability
    version 63
  • accepted 2011-05-16T04:03:09.908-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
    family windows
    id oval:org.mitre.oval:def:5307
    status accepted
    submitted 2004-10-14T03:38:00.000-04:00
    title Windows XP Long Share Names Vulnerability
    version 69
refmap via4
bid 10213
bugtraq 20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.
cert-vn VU#616200
fulldisc 20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.
misc http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html
ms MS04-037
mskb 322857
osvdb 5687
sectrack 1011647
secunia 11482
xf
  • win-long-fileshare-bo(15956)
  • win-ms04037-patch(17662)
Last major update 12-10-2018 - 21:34
Published 03-11-2004 - 05:00
Back to Top