The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
CVSS v2.0 Score
10.0
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Information
- Published
- 3 nov. 2004
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
microsoft exchange server
Versions : 2000, 2003
microsoft windows 2000
microsoft windows nt
Versions : 4.0
microsoft windows server 2003
Versions : r2
Weaknesses (CWE)
CWE-787
References (24)
- http://marc.info/?l=bugtraq&m=109761632831563&w=2Mailing ListThird Party Advisory
- http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10Third Party Advisory
- http://www.kb.cert.org/vuls/id/203126PatchThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17641Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17661Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=109761632831563&w=2Mailing ListThird Party Advisory
- http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10Third Party Advisory
- + 9 more references on NVD
Similar CVEs
Other vulnerabilities of type CWE-787
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.