CVE-2004-0567

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0567
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2003_server	64-bit	64-bit.x
microsoft / windows_nt	4.0-sp6	4.0-sp6.x
microsoft / windows_2000	-	-
microsoft / windows_nt	4.0-sp6a	4.0-sp6a.x
microsoft / windows_2003_server	r2	r2.x

http://secunia.com/advisories/13466
http://securitytracker.com/id?1012517
http://www.ciac.org/ciac/bulletins/p-054.shtml
http://www.kb.cert.org/vuls/id/378160
http://www.osvdb.org/12370
http://www.securityfocus.com/bid/11922
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

Vulnerability Database

289,599

CVE-2004-0567