Buffer overflow : Windows NT NNTP Component Buffer Overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100608

Categoría: Buffer overflow

Título: Windows NT NNTP Component Buffer Overflow

Resumen: The Network News Transfer Protocol (NNTP) component of Microsoft; Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003,; Exchange 2000 Server, and Exchange Server 2003 allows remote attackers; to execute arbitrary code via XPAT patterns, possibly related to; improper length validation and an unchecked buffer, leading to; off-by-one and heap-based buffer overflows.

Descripción: Summary:
The Network News Transfer Protocol (NNTP) component of Microsoft
Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003,
Exchange 2000 Server, and Exchange Server 2003 allows remote attackers
to execute arbitrary code via XPAT patterns, possibly related to
improper length validation and an unchecked buffer, leading to
off-by-one and heap-based buffer overflows.

Solution:
Microsoft has released a bulletin that includes fixes to address this
issue for supported versions of the operating system.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0574
Bugtraq: 20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=109761632831563&w=2
CERT/CC vulnerability note: VU#203126
http://www.kb.cert.org/vuls/id/203126
Computer Incident Advisory Center Bulletin: P-012
http://www.ciac.org/ciac/bulletins/p-012.shtml
http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10
Microsoft Security Bulletin: MS04-036
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926
XForce ISS Database: win-ms04036-patch(17661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17661
XForce ISS Database: win-nntp-bo(17641)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17641

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100608
Categoría:	Buffer overflow
Título:	Windows NT NNTP Component Buffer Overflow
Resumen:	The Network News Transfer Protocol (NNTP) component of Microsoft; Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003,; Exchange 2000 Server, and Exchange Server 2003 allows remote attackers; to execute arbitrary code via XPAT patterns, possibly related to; improper length validation and an unchecked buffer, leading to; off-by-one and heap-based buffer overflows.
Descripción:	Summary: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an unchecked buffer, leading to off-by-one and heap-based buffer overflows. Solution: Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0574 Bugtraq: 20041012 CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=109761632831563&w=2 CERT/CC vulnerability note: VU#203126 http://www.kb.cert.org/vuls/id/203126 Computer Incident Advisory Center Bulletin: P-012 http://www.ciac.org/ciac/bulletins/p-012.shtml http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 Microsoft Security Bulletin: MS04-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926 XForce ISS Database: win-ms04036-patch(17661) https://exchange.xforce.ibmcloud.com/vulnerabilities/17661 XForce ISS Database: win-nntp-bo(17641) https://exchange.xforce.ibmcloud.com/vulnerabilities/17641
Copyright	Copyright (C) 2010 Greenbone AG