Vulnerabilities > CVE-2004-0202 - Remote Malformed Packet Denial Of Service vulnerability in Microsoft DirectX DirectPlay
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Vulnerable Configurations
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-016.NASL |
description | The remote host contains a version of DirectPlay that is vulnerable to a denial of service attack. DirectPlay is a component of DirectX and is frequently used by game developpers to create networked multi-player games. An attacker could exploit this flaw by sending a malformed IDirectPlay packet to a remote application using this service and cause it to crash. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12267 |
published | 2004-06-10 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12267 |
title | MS04-016: Vulnerability in DirectPlay Could Allow Denial of Service (839643) |
code |
|
Oval
accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. family windows id oval:org.mitre.oval:def:1027 status accepted submitted 2004-06-11T12:00:00.000-04:00 title Windows 2000 DirectPlay Denial of Service version 66 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Anna Min organization BigFix, Inc name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. family windows id oval:org.mitre.oval:def:2190 status accepted submitted 2004-06-15T12:00:00.000-04:00 title Windows XP (32-Bit) DirectPlay Denial of Service version 71 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. family windows id oval:org.mitre.oval:def:2413 status accepted submitted 2004-06-15T12:00:00.000-04:00 title Windows XP (64-Bit) DirectPlay Denial of Service version 45 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. family windows id oval:org.mitre.oval:def:2516 status accepted submitted 2004-06-15T12:00:00.000-04:00 title Windows Server 2003 (32-Bit) DirectPlay Denial of Service version 65 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Maria Mikhno organization ALTX-SOFT
description IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. family windows id oval:org.mitre.oval:def:2705 status accepted submitted 2004-06-15T12:00:00.000-04:00 title Windows XP/Server 2003 DirectPlay Denial of Service (Test 2) version 41
References
- http://secunia.com/advisories/11802
- http://www.osvdb.org/6742
- http://www.securityfocus.com/bid/10487
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16306
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1027
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2190
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2413
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2516
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2705