CVE-2004-0362
ISS Protocol Analysis Module - Buffer Overflow
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16464
metasploit
WORKING POC
GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/firewall/blackice_pam_icq.rb
References (10)
Scores
EPSS: 0.8340
EPSS Percentile: 99.3%
Details
Status: published
Products (50)
iss/blackice_agent_server 3.6ebz
iss/blackice_agent_server 3.6eca
iss/blackice_agent_server 3.6ecb
iss/blackice_agent_server 3.6ecc
iss/blackice_agent_server 3.6ecd
iss/blackice_agent_server 3.6ece
iss/blackice_agent_server 3.6ecf
iss/blackice_pc_protection 3.6cbz
iss/blackice_pc_protection 3.6cca
iss/blackice_pc_protection 3.6ccb
... and 40 more
Published: Apr 15, 2004
Tracked Since: Feb 18, 2026