Back to CVE Browser

CVE-2004-0574

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0000%

EPSS Percentile16.76th

PublishedNov 3, 2004

Last ModifiedApr 16, 2026

Vulnerability Description

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

Affected Platforms (CPE)

📦

Microsoft

Exchange Server

= 2000

📦

Microsoft

Exchange Server

= 2003

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Server 2003

= r2

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=109761632831563&w=2

🔗 http://www.ciac.org/ciac/bulletins/p-012.shtml

🔗 http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10

🔗 http://www.kb.cert.org/vuls/id/203126

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17641

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17661

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246

Related Vulnerabilities

CVE-2006-662710.0

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivi...

CVE-2007-021310.0

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows...

CVE-2004-084010.0

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 200...

CVE-2007-525210.0

Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM se...