CVEブラウザに戻る

CVE-2004-0214

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0960%

EPSS Percentile37.61th

Published2004年11月3日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.

Affected Platforms (CPE)

📦

Microsoft

Internet Explorer

= 6.0.2900

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 98

All versions

💻

Microsoft

Windows Me

All versions

💻

Microsoft

Windows Xp

All versions

References & Advisories

🔗 http://seclists.org/lists/bugtraq/2004/Apr/0322.html

🔗 http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html

🔗 http://secunia.com/advisories/11482/

🔗 http://securitytracker.com/id?1011647

🔗 http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B322857

🔗 http://www.kb.cert.org/vuls/id/616200

🔗 http://www.osvdb.org/5687

🔗 http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html

関連する脆弱性情報

CVE-1999-046510.0

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

CVE-1999-034710.0

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javasc...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-1999-124110.0

Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web...