CVE-2004-1080

Microsoft Windows NT/2000/Server 2003 - RCE

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1080. PoCs published by Metasploit, class101, hdm, including Metasploit module exploits/windows/wins/ms04_045_wins.

AI-analyzed exploit summary: This is a Metasploit module exploiting CVE-2004-1080, an arbitrary memory write flaw in the Microsoft WINS service. It targets Windows 2000 systems and achieves remote code execution by overwriting function pointers in memory.

Description

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16359

This is a Metasploit module exploiting CVE-2004-1080, an arbitrary memory write flaw in the Microsoft WINS service. It targets Windows 2000 systems and achieves remote code execution by overwriting function pointers in memory.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft WINS Service on Windows 2000
No auth needed
Prerequisites: Network access to the WINS service (port 42) · Target system must be Windows 2000 with specific service packs
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by class101 · c++ · remote · windows
https://www.exploit-db.com/exploits/909

This exploit targets a remote heap buffer overflow in Windows Internet Name Service (WINS) on Windows 2000 SP4. It uses a reverse shell payload to achieve remote code execution by overwriting critical structures via a crafted network packet.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Windows 2000 SP4 (WINS Service)
No auth needed
Prerequisites: Network access to WINS service (port 42 by default) · Unpatched Windows 2000 SP4 system
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · GREAT
by hdm · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/wins/ms04_045_wins.rb

This Metasploit module exploits an arbitrary memory write flaw in the Microsoft WINS service (CVE-2004-1080) by sending a crafted packet to overwrite function pointers, leading to remote code execution. It includes fingerprinting to detect vulnerable systems and has been tested against Windows 2000.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft WINS Service on Windows 2000
No auth needed
Prerequisites: Network access to the WINS service (port 42) · Vulnerable version of Microsoft WINS Service
devstral-2 · analyzed Feb 19, 2026

References (18)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1012516
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/890710
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/145134
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2541
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/12378
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1549
Various Sources x_refsource_misc
http://www.immunitysec.com/downloads/instantanea.pdf
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13328/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18259
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-054.shtml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3677
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4831
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110150370506704&w=2
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11763
Various Sources third-party-advisory x_refsource_iss
http://xforce.iss.net/xforce/alerts/id/184
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4372
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2734

Scores

EPSS 0.8941
EPSS Percentile 99.6%

Details

Status published
Products (9)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server 2000
microsoft/windows_2003_server 2003
microsoft/windows_2003_server enterprise
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server r2 (2 CPE variants)
microsoft/windows_2003_server standard
microsoft/windows_2003_server web
microsoft/windows_nt 4.0 (24 CPE variants)
Published Jan 10, 2005
Tracked Since Feb 18, 2026