CVE-2000-0885 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Systems Management Server

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

24.7%

top 3.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Systems Management Server Microsoft Windows NT

Timeline

PublishedDec 19

Latest updateApr 30

Description

Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/systems_management_server1.2, 2.0+1

🔴Vulnerability Details

GHSA

GHSA-h5rj-28xj-8wwg: Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse F↗2022-04-30

▶

CVEList

CVE-2000-0885: Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse F↗2000-11-29

▶