ID CVE-2004-0574
Summary The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
References
Vulnerable Configurations
  • Microsoft exchange_srv 2000
    cpe:2.3:a:microsoft:exchange_server:2000
  • Microsoft exchange_srv 2003
    cpe:2.3:a:microsoft:exchange_server:2003
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • cpe:2.3:o:microsoft:windows_2003_server:r2
    cpe:2.3:o:microsoft:windows_2003_server:r2
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:server
    cpe:2.3:o:microsoft:windows_nt:4.0:-:server
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
exploit-db via4
description MS Windows NNTP Service (XPAT) Denial of Service Exploit (MS04-036). CVE-2004-0574. DoS exploit for Windows platform
id EDB-ID:578
last seen 2016-01-31
modified 2004-10-16
published 2004-10-16
reporter Lucas Lavarello
source https://www.exploit-db.com/download/578/
title Microsoft Windows NNTP Service XPAT Denial of Service Exploit MS04-036
nessus via4
NASL family Windows
NASL id MSNNTP_CODE_EXECUTION.NASL
description The remote host is running a version of Microsoft NNTP server that is vulnerable to a buffer overflow issue. An attacker may exploit this flaw to execute arbitrary commands on the remote host with the privileges of the NNTP server process.
last seen 2019-02-21
modified 2018-11-15
plugin id 15465
published 2004-10-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15465
title MS04-036: Microsoft NNTP Component Remote Overflow (883935) (uncredentialed check)
oval via4
  • accepted 2007-11-13T12:01:09.183-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    description The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
    family windows
    id oval:org.mitre.oval:def:246
    status accepted
    submitted 2004-10-26T09:17:00.000-04:00
    title Network News Transfer Protocol Buffer Overflow
    version 29
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
    family windows
    id oval:org.mitre.oval:def:4392
    status accepted
    submitted 2004-10-14T08:47:00.000-04:00
    title Windows Server 2003 NNTP Component Buffer Overflow
    version 28
  • accepted 2007-11-13T12:01:18.060-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    description The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
    family windows
    id oval:org.mitre.oval:def:5021
    status accepted
    submitted 2004-10-13T12:21:00.000-04:00
    title Vulnerability in NNTP Could Allow Remote Code Execution
    version 30
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
    family windows
    id oval:org.mitre.oval:def:5070
    status accepted
    submitted 2004-10-14T01:15:00.000-04:00
    title Windows NT NNTP Component Buffer Overflow
    version 36
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Maria Mikhno
      organization ALTX-SOFT
    description The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
    family windows
    id oval:org.mitre.oval:def:5926
    status accepted
    submitted 2004-10-14T08:58:00.000-04:00
    title Windows 2000 NNTP Component Buffer Overflow
    version 33
refmap via4
bugtraq 20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities
cert-vn VU#203126
ciac P-012
misc http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10
ms MS04-036
xf
  • win-ms04036-patch(17661)
  • win-nntp-bo(17641)
Last major update 17-10-2016 - 22:46
Published 03-11-2004 - 00:00
Last modified 12-10-2018 - 17:34