Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0212Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows NT

5 documents4 sources
Severity
10.0CRITICALNVD
EPSS
81.4%
top 0.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Avaya Modular Messaging Message Storage ServerMicrosoft IEMicrosoft Windows NT
Timeline
PublishedAug 6
Latest updateApr 29

Description

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/ie6.0

Patches

Patch: www.us-cert.govPatch: www.us-cert.gov

🔴Vulnerability Details

2
GHSA
GHSA-w9r2-vp5h-4jf8: Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 42022-04-29
CVEList
CVE-2004-0212: Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 42004-07-14

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows XP - Task Scheduler '.job' Universal (MS04-022)2004-07-31
Exploit-DB
Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022)2004-07-18
CVE-2004-0212 — Microsoft Windows NT vulnerability | cvebase