CVE-2004-0120

Microsoft Windows SSL Library - Denial of Service via Malformed SSL Messages

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0120. PoCs published by David Barroso.

AI-analyzed exploit summary This exploit targets CVE-2004-0120, a denial-of-service vulnerability in Microsoft SSL implementations (MS04-011). It crafts a malformed SSL/TLS Client Hello packet to trigger a crash in vulnerable IIS 5.0 servers with SSL enabled.

Description

The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.

Exploits (1)

exploitdb WORKING POC VERIFIED

by David Barroso · cdoswindows

https://www.exploit-db.com/exploits/176

View Code ZIP pw:eip

This exploit targets CVE-2004-0120, a denial-of-service vulnerability in Microsoft SSL implementations (MS04-011). It crafts a malformed SSL/TLS Client Hello packet to trigger a crash in vulnerable IIS 5.0 servers with SSL enabled.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft IIS 5.0 with SSL

No auth needed

Prerequisites: Network access to vulnerable IIS server with SSL enabled

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9

Core References

Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac

http://www.ciac.org/ciac/bulletins/o-114.shtml

Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/150236

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15712

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10115

Scores

EPSS 0.5558

EPSS Percentile 98.9%

Details

Status published

Products (3)

microsoft/windows_2000

microsoft/windows_2003_server r2

microsoft/windows_xp

Published Jun 01, 2004

Tracked Since Feb 18, 2026