CVE-2004-0210

HIGH KEV

Microsoft Interix - Buffer Overflow

Title source: rule

Description

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bkbll · clocalwindows

https://www.exploit-db.com/exploits/24277

View Code ZIP pw:eip

References (7)

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/647436

[Broken Link, Patch, Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA04-196A.html

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-020

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16590

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2166

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2847

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2004-0210

Scores

CVSS v3 7.8

EPSS 0.0679

EPSS Percentile 91.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03

VulnCheck KEV 2022-03-03

InTheWild.io 2022-03-03

ENISA EUVD EUVD-2004-0210

CWE

CWE-120

Status published

Products (3)

microsoft/interix 2.2

microsoft/windows_2000 (3 CPE variants)

microsoft/windows_nt 4.0 sp6a (3 CPE variants)

Published Aug 06, 2004

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026