CVE-2004-0900

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."

Published: Jan 10, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0900
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_nt	4.0	4.0.x
microsoft / windows_nt	4.0-sp4	4.0-sp4.x
microsoft / windows_nt	4.0-sp3	4.0-sp3.x
microsoft / windows_nt	4.0-sp2	4.0-sp2.x
microsoft / windows_nt	4.0-sp5	4.0-sp5.x
microsoft / windows_nt	4.0-sp6	4.0-sp6.x
microsoft / windows_nt	4.0-sp1	4.0-sp1.x
microsoft / windows_nt	4.0-sp6a	4.0-sp6a.x

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-042
https://exchange.xforce.ibmcloud.com/vulnerabilities/18342
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4846

Vulnerability Database

289,599

CVE-2004-0900