var-200408-0134
Vulnerability from variot
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. A buffer overflow vulnerability exists in the Portable Operating System Interface for UNIX (POSIX) subsystem for Windows NT 4.0 and Windows 2000. This vulnerability may be exploited by a local authenticated user to gain full system privileges. The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges. Microsoft Windows contains a remote code execution vulnerability in the way that the Windows Shell launches applications. An remote attacker could exploit this vulnerability to execute arbitrary code if they could trick a user into visiting a malicious website. Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects. This could lead to complete compromise of an affected computer. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA04-196A
Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express
Original release date: July 14, 2004 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows Systems
Overview
Microsoft has released a Security Bulletin Summary for July, 2004. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Details of the vulnerabilities and their impacts are provided below.
I. Description
The table below provides a reference between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents. The attacker would have to convince a victim to view an HTML document (web page, HTML email) or click on a crafted URI link.
Exploitation of VU#869640 can lead to a denial-of-service condition against Outlook Express.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update.
Do not follow unsolicited links
It is generally a good practice not to click on unsolicited URLs received in email, instant messages, web forums, or Internet relay chat (IRC) channels. However, this practice does not always prevent exploitation of these types vulnerabilities. For example, a trusted web site could be compromised and modified to deliver exploit script to unsuspecting clients.
Maintain updated anti-virus software
Anti-virus software with updated virus definitions may identify and prevent some exploit attempts, but variations of exploits or attack vectors may not be detected. Do not rely solely on anti-virus software to defend against these vulnerabilities. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page.
Appendix A. Vendor Information
Specific information about these issue are available in the Security Bulletin Summary for July, 2004 and the US-CERT Vulnerability Notes.
Appendix B. References
* Microsoft's Security Bulletin Summary for July, 2004 -
<http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx>
* US-CERT Vulnerability Note VU#106324 -
<http://www.kb.cert.org/vuls/id/106324>
* US-CERT Vulnerability Note VU#187196 -
<http://www.kb.cert.org/vuls/id/187196>
* US-CERT Vulnerability Note VU#920060 -
<http://www.kb.cert.org/vuls/id/920060>
* US-CERT Vulnerability Note VU#228028 -
<http://www.kb.cert.org/vuls/id/228028>
* US-CERT Vulnerability Note VU#717748 -
<http://www.kb.cert.org/vuls/id/717748>
* US-CERT Vulnerability Note VU#647436 -
<http://www.kb.cert.org/vuls/id/647436>
* US-CERT Vulnerability Note VU#868580 -
<http://www.kb.cert.org/vuls/id/868580>
* US-CERT Vulnerability Note VU#869640 -
<http://www.kb.cert.org/vuls/id/869640>
* Increase Your Browsing and E-Mail Safety -
<http://www.microsoft.com/security/incident/settings.mspx>
* Working with Internet Explorer 6 Security Settings -
<http://www.microsoft.com/windows/ie/using/howto/security/settings
.mspx>
This alert was created by Jason A. Rafail. Feedback can be directed to the Vulnerability Note authors: Jason A. Rafail, Jeff P. Lanza, Chad R. Dougherty, Damon G. Morda, and Art Manion.
This document is available from:
<http://www.us-cert.gov/cas/techalerts/TA04-196A.html>
Copyright 2004 Carnegie Mellon University.
Terms of use: http://www.us-cert.gov/legal.html
Revision History
July 14, 2004: Initial release
Last updated July 14, 2004
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFA9ZD4XlvNRxAkFWARApJoAJ9kLfHwh9rjM39LkWpRYYkPDngD+QCcDj6Q P8VLUzmOQoMFj+903rIsKHU= =4I7x -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "microsoft",
"version": null
},
{
"model": "modular messaging message storage server",
"scope": "eq",
"trust": 1.6,
"vendor": "avaya",
"version": "s3400"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "definity one media server",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "s8100",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "ip600 media servers",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (server)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (workstation)"
},
{
"model": "s8100",
"scope": null,
"trust": 0.6,
"vendor": "avaya",
"version": null
},
{
"model": "definity one media server",
"scope": null,
"trust": 0.6,
"vendor": "avaya",
"version": null
},
{
"model": "iis alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "s8100 media servers",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "s3400 message application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "ip600 media servers",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "definityone media servers",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#647436"
},
{
"db": "CERT/CC",
"id": "VU#187196"
},
{
"db": "CERT/CC",
"id": "VU#869640"
},
{
"db": "CERT/CC",
"id": "VU#868580"
},
{
"db": "CERT/CC",
"id": "VU#106324"
},
{
"db": "CERT/CC",
"id": "VU#228028"
},
{
"db": "CERT/CC",
"id": "VU#717748"
},
{
"db": "CERT/CC",
"id": "VU#920060"
},
{
"db": "BID",
"id": "10706"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_nt",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Security Team\u203b secure@microsoft.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2004-0205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0205",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#647436",
"trust": 0.8,
"value": "14.06"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#187196",
"trust": 0.8,
"value": "25.52"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#869640",
"trust": 0.8,
"value": "7.48"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#868580",
"trust": 0.8,
"value": "21.26"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#106324",
"trust": 0.8,
"value": "26.65"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#228028",
"trust": 0.8,
"value": "46.58"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#717748",
"trust": 0.8,
"value": "10.13"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#920060",
"trust": 0.8,
"value": "30.38"
},
{
"author": "NVD",
"id": "CVE-2004-0205",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-067",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#647436"
},
{
"db": "CERT/CC",
"id": "VU#187196"
},
{
"db": "CERT/CC",
"id": "VU#869640"
},
{
"db": "CERT/CC",
"id": "VU#868580"
},
{
"db": "CERT/CC",
"id": "VU#106324"
},
{
"db": "CERT/CC",
"id": "VU#228028"
},
{
"db": "CERT/CC",
"id": "VU#717748"
},
{
"db": "CERT/CC",
"id": "VU#920060"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. A buffer overflow vulnerability exists in the Portable Operating System Interface for UNIX (POSIX) subsystem for Windows NT 4.0 and Windows 2000. This vulnerability may be exploited by a local authenticated user to gain full system privileges. The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges. Microsoft Windows contains a remote code execution vulnerability in the way that the Windows Shell launches applications. An remote attacker could exploit this vulnerability to execute arbitrary code if they could trick a user into visiting a malicious website. Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects. This could lead to complete compromise of an affected computer. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n Technical Cyber Security Alert TA04-196A\n\nMultiple Vulnerabilities in Microsoft Windows Components and Outlook Express\n\n Original release date: July 14, 2004\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n * Microsoft Windows Systems\n\nOverview\n\n Microsoft has released a Security Bulletin Summary for July, 2004. \n This summary includes several bulletins that address vulnerabilities\n in various Windows applications and components. Details of the vulnerabilities and their impacts\n are provided below. \n\nI. Description\n\n The table below provides a reference between Microsoft\u0027s Security\n Bulletins and the related US-CERT Vulnerability Notes. More\n information related to the vulnerabilities is available in these\n documents. The attacker would have to convince a victim to\n view an HTML document (web page, HTML email) or click on a crafted URI\n link. \n\n Exploitation of VU#869640 can lead to a denial-of-service condition\n against Outlook Express. \n\nIII. Solution\n\nApply a patch\n\n Microsoft has provided the patches for these vulnerabilities in the\n Security Bulletins and on Windows Update. \n\nDo not follow unsolicited links\n\n It is generally a good practice not to click on unsolicited URLs\n received in email, instant messages, web forums, or Internet relay\n chat (IRC) channels. However, this practice does not always prevent\n exploitation of these types vulnerabilities. For example, a trusted\n web site could be compromised and modified to deliver exploit script\n to unsuspecting clients. \n\nMaintain updated anti-virus software\n\n Anti-virus software with updated virus definitions may identify and\n prevent some exploit attempts, but variations of exploits or attack\n vectors may not be detected. Do not rely solely on anti-virus software\n to defend against these vulnerabilities. More information about\n viruses and anti-virus vendors is available on the US-CERT Computer\n Virus Resources page. \n\nAppendix A. Vendor Information\n\n Specific information about these issue are available in the Security\n Bulletin Summary for July, 2004 and the US-CERT Vulnerability Notes. \n\nAppendix B. References\n\n * Microsoft\u0027s Security Bulletin Summary for July, 2004 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx\u003e\n\n * US-CERT Vulnerability Note VU#106324 -\n \u003chttp://www.kb.cert.org/vuls/id/106324\u003e\n\n * US-CERT Vulnerability Note VU#187196 -\n \u003chttp://www.kb.cert.org/vuls/id/187196\u003e\n\n * US-CERT Vulnerability Note VU#920060 -\n \u003chttp://www.kb.cert.org/vuls/id/920060\u003e\n\n * US-CERT Vulnerability Note VU#228028 -\n \u003chttp://www.kb.cert.org/vuls/id/228028\u003e\n\n * US-CERT Vulnerability Note VU#717748 -\n \u003chttp://www.kb.cert.org/vuls/id/717748\u003e\n\n * US-CERT Vulnerability Note VU#647436 -\n \u003chttp://www.kb.cert.org/vuls/id/647436\u003e\n\n * US-CERT Vulnerability Note VU#868580 -\n \u003chttp://www.kb.cert.org/vuls/id/868580\u003e\n\n * US-CERT Vulnerability Note VU#869640 -\n \u003chttp://www.kb.cert.org/vuls/id/869640\u003e\n\n * Increase Your Browsing and E-Mail Safety -\n \u003chttp://www.microsoft.com/security/incident/settings.mspx\u003e\n\n * Working with Internet Explorer 6 Security Settings -\n \u003chttp://www.microsoft.com/windows/ie/using/howto/security/settings\n .mspx\u003e\n _________________________________________________________________\n\n This alert was created by Jason A. Rafail. Feedback can be directed to\n the Vulnerability Note authors: Jason A. Rafail, Jeff P. Lanza, Chad\n R. Dougherty, Damon G. Morda, and Art Manion. \n _________________________________________________________________\n\n This document is available from: \n \n \u003chttp://www.us-cert.gov/cas/techalerts/TA04-196A.html\u003e \n \n _________________________________________________________________\n \n Copyright 2004 Carnegie Mellon University. \n \n Terms of use: \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\n Revision History\n\n July 14, 2004: Initial release\n\n Last updated July 14, 2004 \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niD8DBQFA9ZD4XlvNRxAkFWARApJoAJ9kLfHwh9rjM39LkWpRYYkPDngD+QCcDj6Q\nP8VLUzmOQoMFj+903rIsKHU=\n=4I7x\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0205"
},
{
"db": "CERT/CC",
"id": "VU#647436"
},
{
"db": "CERT/CC",
"id": "VU#187196"
},
{
"db": "CERT/CC",
"id": "VU#869640"
},
{
"db": "CERT/CC",
"id": "VU#868580"
},
{
"db": "CERT/CC",
"id": "VU#106324"
},
{
"db": "CERT/CC",
"id": "VU#228028"
},
{
"db": "CERT/CC",
"id": "VU#717748"
},
{
"db": "CERT/CC",
"id": "VU#920060"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"db": "BID",
"id": "10706"
},
{
"db": "PACKETSTORM",
"id": "33782"
}
],
"trust": 7.74
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#717748",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "12061",
"trust": 3.2
},
{
"db": "USCERT",
"id": "TA04-196A",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2004-0205",
"trust": 2.8
},
{
"db": "BID",
"id": "10706",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1010692",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "7799",
"trust": 1.6
},
{
"db": "XF",
"id": "16578",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#647436",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#187196",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#869640",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#868580",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#106324",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#228028",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#920060",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "12059",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1010690",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276",
"trust": 0.8
},
{
"db": "MS",
"id": "MS04-021",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:2204",
"trust": 0.6
},
{
"db": "CIAC",
"id": "O-179",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA04-196A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "33782",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#647436"
},
{
"db": "CERT/CC",
"id": "VU#187196"
},
{
"db": "CERT/CC",
"id": "VU#869640"
},
{
"db": "CERT/CC",
"id": "VU#868580"
},
{
"db": "CERT/CC",
"id": "VU#106324"
},
{
"db": "CERT/CC",
"id": "VU#228028"
},
{
"db": "CERT/CC",
"id": "VU#717748"
},
{
"db": "CERT/CC",
"id": "VU#920060"
},
{
"db": "BID",
"id": "10706"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"db": "PACKETSTORM",
"id": "33782"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"id": "VAR-200408-0134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T12:07:14.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS04-021",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS04-021.mspx"
},
{
"title": "MS04-021",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS04-021.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "about vulnerability notes"
},
{
"trust": 4.0,
"url": "contact us about this vulnerability"
},
{
"trust": 4.0,
"url": "provide a vendor statement"
},
{
"trust": 2.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-196a.html"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/717748"
},
{
"trust": 2.4,
"url": "http://www.ciac.org/ciac/bulletins/o-179.shtml"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/10706"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/12061/"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/alerts/2004/jul/1010692.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/7799"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/12061"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/16578"
},
{
"trust": 1.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-021.mspx"
},
{
"trust": 1.1,
"url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-021"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16578"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2204"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/featfunc/taskschd.mspx"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/windowsntfocus/5up0b15dgk.html"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/12059/"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/jul/1010690.html"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/windowsntfocus/5tp0a15dgq.html"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/library/default.asp?url=/library/en-us/htmlhelp/html/vsconhh1start.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0205"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20040714-ms04-021.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr042801.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-196a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-196a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0205"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2004/20040714_073145.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2004/20040714_073713.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2004/20040714_073844.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2004/20040720_130359.html"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-021.asp"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2204"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;873401"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/iis4cl.asp"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-018.asp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/920060\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/106324\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0212"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/717748\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/869640\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0215"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/868580\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0201"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/647436\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/windows/ie/using/howto/security/settings"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-196a.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0210"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/security/incident/settings.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/187196\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/228028\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0420"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#647436"
},
{
"db": "CERT/CC",
"id": "VU#187196"
},
{
"db": "CERT/CC",
"id": "VU#869640"
},
{
"db": "CERT/CC",
"id": "VU#868580"
},
{
"db": "CERT/CC",
"id": "VU#106324"
},
{
"db": "CERT/CC",
"id": "VU#228028"
},
{
"db": "CERT/CC",
"id": "VU#717748"
},
{
"db": "CERT/CC",
"id": "VU#920060"
},
{
"db": "BID",
"id": "10706"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"db": "PACKETSTORM",
"id": "33782"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#647436"
},
{
"db": "CERT/CC",
"id": "VU#187196"
},
{
"db": "CERT/CC",
"id": "VU#869640"
},
{
"db": "CERT/CC",
"id": "VU#868580"
},
{
"db": "CERT/CC",
"id": "VU#106324"
},
{
"db": "CERT/CC",
"id": "VU#228028"
},
{
"db": "CERT/CC",
"id": "VU#717748"
},
{
"db": "CERT/CC",
"id": "VU#920060"
},
{
"db": "BID",
"id": "10706"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"db": "PACKETSTORM",
"id": "33782"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#647436"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#187196"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#869640"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#868580"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#106324"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#228028"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#717748"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#920060"
},
{
"date": "2004-07-13T00:00:00",
"db": "BID",
"id": "10706"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"date": "2004-07-14T14:51:00",
"db": "PACKETSTORM",
"id": "33782"
},
{
"date": "2004-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"date": "2004-08-06T04:00:00",
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#647436"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#187196"
},
{
"date": "2004-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#869640"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#868580"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#106324"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#228028"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#717748"
},
{
"date": "2004-07-14T00:00:00",
"db": "CERT/CC",
"id": "VU#920060"
},
{
"date": "2009-07-12T06:16:00",
"db": "BID",
"id": "10706"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000276"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-067"
},
{
"date": "2018-10-12T21:34:13.043000",
"db": "NVD",
"id": "CVE-2004-0205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows contains a buffer overflow in the POSIX subsystem",
"sources": [
{
"db": "CERT/CC",
"id": "VU#647436"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "10706"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-067"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.