Vulnerabilities > CVE-2004-0214 - Unspecified vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 4 |
Exploit-Db
description | Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability. CVE-2004-0214. Dos exploit for windows platform |
id | EDB-ID:24051 |
last seen | 2016-02-02 |
modified | 2004-04-25 |
published | 2004-04-25 |
reporter | Rodrigo Gutierrez |
source | https://www.exploit-db.com/download/24051/ |
title | Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-037.NASL |
description | The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or into opening a malicious file attachment. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15460 |
published | 2004-10-12 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15460 |
title | MS04-037: Vulnerability in Windows Shell (841356) |
code |
|
Oval
accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. family windows id oval:org.mitre.oval:def:1601 status accepted submitted 2004-10-14T03:37:00.000-04:00 title Windows ME Long Share Names Vulnerability version 2 accepted 2008-03-24T04:00:16.847-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Jeff Cheng organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. family windows id oval:org.mitre.oval:def:1749 status accepted submitted 2004-10-14T03:38:00.000-04:00 title Windows NT Long Share Names Vulnerability version 74 accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. family windows id oval:org.mitre.oval:def:2638 status accepted submitted 2004-10-14T03:37:00.000-04:00 title Windows 98 Long Share Names Vulnerability version 2 accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. family windows id oval:org.mitre.oval:def:4345 status accepted submitted 2004-10-14T03:38:00.000-04:00 title Windows 2000 Long Share Names Vulnerability version 64 accepted 2011-05-16T04:03:09.908-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. family windows id oval:org.mitre.oval:def:5307 status accepted submitted 2004-10-14T03:38:00.000-04:00 title Windows XP Long Share Names Vulnerability version 70
References
- http://seclists.org/lists/bugtraq/2004/Apr/0322.html
- http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html
- http://www.securityfocus.com/bid/10213
- http://secunia.com/advisories/11482/
- http://www.kb.cert.org/vuls/id/616200
- http://securitytracker.com/id?1011647
- http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html
- http://www.osvdb.org/5687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17662
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15956
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5307
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4345
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2638
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1749
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1601
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037
- http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B322857