ID CVE-2004-0900
Summary The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
CVSS
Base: 10.0 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2008-03-24T04:00:29.998-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3577
    status accepted
    submitted 2005-01-27T12:00:00.000-04:00
    title Windows NT DHCP Request Code Execution Vulnerability
    version 75
  • accepted 2008-03-24T04:00:37.993-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4846
    status accepted
    submitted 2004-12-16T12:00:00.000-04:00
    title Windows NT DHCP Request Code Execution Vulnerability (Terminal Server)
    version 74
refmap via4
xf winnt-dhcp-hardwareaddress-code-execution(18342)
Last major update 12-10-2018 - 21:35
Published 10-01-2005 - 05:00
Last modified 12-10-2018 - 21:35
Back to Top