CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0193

HIGH
7.5
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile0.99th
PublishedMar 15, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Affected Platforms (CPE)

πŸ“¦
Iss

Blackice Agent Server

= 3.6eca
πŸ“¦
Iss

Blackice Pc Protection

= 3.6cbd
πŸ“¦
Iss

Blackice Server Protection

= 3.6cbz
πŸ“¦
Iss

Realsecure Desktop

= 3.6eca
πŸ“¦
Iss

Realsecure Desktop

= 3.6ecf
πŸ“¦
Iss

Realsecure Desktop

= 7.0ebg
πŸ“¦
Iss

Realsecure Desktop

= 7.0epk
πŸ“¦
Iss

Realsecure Guard

= 3.6ecb
πŸ“¦
Iss

Realsecure Network

= 7.0
πŸ“¦
Iss

Realsecure Sentry

= 3.6ecf
πŸ“¦
Iss

Realsecure Server Sensor

= 7.0
πŸ”Œ
Iss

Proventia A Series Xpu

= 20.15
πŸ”Œ
Iss

Proventia G Series Xpu

= 22.3
πŸ”Œ
Iss

Proventia M Series Xpu

= 1.30

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=107789851117176&w=2
πŸ”— http://secunia.com/advisories/10988
πŸ”— http://www.eeye.com/html/Research/Advisories/AD20040226.html
πŸ”— http://www.eeye.com/html/Research/Upcoming/20040213.html
πŸ”— http://www.kb.cert.org/vuls/id/150326
πŸ”— http://www.osvdb.org/4072
πŸ”— http://www.securityfocus.com/bid/9752
πŸ”— http://xforce.iss.net/xforce/alerts/id/165

Related Vulnerabilities

CVE-2002-02377.5

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 a...

CVE-2005-27117.2

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecu...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...