CVE-2004-0212

Avaya IP600 Media Servers - Stack-Based Buffer Overflow via Long Parameters in .job File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0212. PoCs published by houseofdabus, anonymous.

AI-analyzed exploit summary This is a functional exploit for CVE-2004-0212, targeting a buffer overflow in Microsoft Windows XP Task Scheduler via maliciously crafted .job files. The exploit generates a .job file with embedded shellcode for either port binding or connect-back functionality.

Description

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

Exploits (2)

exploitdb WORKING POC VERIFIED
by houseofdabus · clocalwindows
https://www.exploit-db.com/exploits/368

This is a functional exploit for CVE-2004-0212, targeting a buffer overflow in Microsoft Windows XP Task Scheduler via maliciously crafted .job files. The exploit generates a .job file with embedded shellcode for either port binding or connect-back functionality.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows XP Task Scheduler (SP0, SP1)
No auth needed
Prerequisites: Victim interaction to open the malicious .job file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · clocalwindows
https://www.exploit-db.com/exploits/353

This is a functional proof-of-concept exploit for CVE-2004-0212, targeting a vulnerability in the Microsoft Windows Task Scheduler. It creates a malicious .job file that, when accessed, triggers a buffer overflow to execute arbitrary code (notepad.exe in this case).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows 2000/XP (English WinXP SP1)
No auth needed
Prerequisites: Access to the target system's file system to place the malicious .job file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (12)

Core 12
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108981403025596&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16591
Various Sources x_refsource_misc
http://www.ngssoftware.com/advisories/mstaskjob.txt
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108981273009250&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228028
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12060

Scores

EPSS 0.6350
EPSS Percentile 99.1%

Details

Status published
Products (8)
avaya/definity_one_media_server
avaya/ip600_media_servers
avaya/modular_messaging_message_storage_server s3400
avaya/s8100
microsoft/ie 6.0 sp1
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_nt 4.0 sp6a (3 CPE variants)
microsoft/windows_xp (5 CPE variants)
Published Aug 06, 2004
Tracked Since Feb 18, 2026