Critical

CVE-2004-0212 - Unspecified vulnerability in multiple products

Publication: 2004-08-06
Summary

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Avaya Ip600 Media Servers
  • Microsoft Windows XP
  • Avaya Definity ONE Media Server
  • Avaya S8100
  • Avaya Modular Messaging Message Storage Server s3400
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Internet Explorer 6.0
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows XP
  • Microsoft Windows XP
  • Microsoft Windows XP
  • Microsoft Windows XP
  • Microsoft Windows 2000