ID CVE-2004-0202
Summary IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:8.0a:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:8.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:8.1a:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:8.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:8.1b:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:8.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
    family windows
    id oval:org.mitre.oval:def:1027
    status accepted
    submitted 2004-06-11T12:00:00.000-04:00
    title Windows 2000 DirectPlay Denial of Service
    version 65
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
    family windows
    id oval:org.mitre.oval:def:2190
    status accepted
    submitted 2004-06-15T12:00:00.000-04:00
    title Windows XP (32-Bit) DirectPlay Denial of Service
    version 70
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
    family windows
    id oval:org.mitre.oval:def:2413
    status accepted
    submitted 2004-06-15T12:00:00.000-04:00
    title Windows XP (64-Bit) DirectPlay Denial of Service
    version 44
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
    family windows
    id oval:org.mitre.oval:def:2516
    status accepted
    submitted 2004-06-15T12:00:00.000-04:00
    title Windows Server 2003 (32-Bit) DirectPlay Denial of Service
    version 64
  • accepted 2016-02-19T10:00:00.000-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
    family windows
    id oval:org.mitre.oval:def:2705
    status accepted
    submitted 2004-06-15T12:00:00.000-04:00
    title Windows XP/Server 2003 DirectPlay Denial of Service (Test 2)
    version 40
refmap via4
bid 10487
ms MS04-016
osvdb 6742
secunia 11802
xf ms-directx-directplay-dos(16306)
Last major update 30-04-2019 - 14:27
Published 06-08-2004 - 04:00
Back to Top