The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Score CVSS v2.0
10.0
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Informations
- Publié
- 3 nov. 2004
- Mis à jour
- 16 avr. 2026
- Statut
- Modified
- Source
- cve@mitre.org
Produits affectés
microsoft exchange server
Versions : 2000, 2003
microsoft windows 2000
microsoft windows nt
Versions : 4.0
microsoft windows server 2003
Versions : r2
Faiblesses (CWE)
CWE-787
Références (24)
- http://marc.info/?l=bugtraq&m=109761632831563&w=2Mailing ListThird Party Advisory
- http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10Third Party Advisory
- http://www.kb.cert.org/vuls/id/203126PatchThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17641Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17661Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=109761632831563&w=2Mailing ListThird Party Advisory
- http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10Third Party Advisory
- + 9 autres références sur NVD
CVEs similaires
Autres vulnérabilités de type CWE-787
Loading…
Surveillez vos produits
Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.