返回 CVE 瀏覽器

CVE-2004-0567

HIGH

7.5

CVSS Severity Score

EPSS Score0.0860%

EPSS Percentile32.61th

Published2004年12月31日

Last Modified2026年4月16日

Vulnerability Description

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

Affected Platforms (CPE)

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2000

All versions

💻

Microsoft

Windows 2003 Server

= 64-bit

💻

Microsoft

Windows 2003 Server

= r2

💻

Microsoft

Windows Nt

= 4.0

💻

Microsoft

Windows Nt

= 4.0

References & Advisories

🔗 http://secunia.com/advisories/13466

🔗 http://securitytracker.com/id?1012517

🔗 http://www.ciac.org/ciac/bulletins/p-054.shtml

🔗 http://www.kb.cert.org/vuls/id/378160

🔗 http://www.osvdb.org/12370

🔗 http://www.securityfocus.com/bid/11922

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

相關漏洞威脅

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2000-006110.0

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document h...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...