CVE-2004-0567

Windows NT Server 4.0 SP 6a- Windows Server 2003 - Buffer Overflow

Title source: llm

Description

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by zuc · cremotewindows

https://www.exploit-db.com/exploits/733

View Code ZIP pw:eip

References (8)

[Third Party Advisory] http://secunia.com/advisories/13466

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/378160

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1012517

[Third Party Advisory, VDB Entry] http://www.osvdb.org/12370

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/11922

[Patch, Vendor Advisory] http://www.ciac.org/ciac/bulletins/p-054.shtml

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045

Scores

EPSS 0.2525

EPSS Percentile 96.2%

Details

Status published

Products (4)

microsoft/windows_2000 (2 CPE variants)

microsoft/windows_2003_server 64-bit

microsoft/windows_2003_server r2

microsoft/windows_nt 4.0 sp6 (2 CPE variants)

Published Dec 31, 2004

Tracked Since Feb 18, 2026